DefectDojo · kiblik · Sep 5, 2025 · Sep 5, 2025 · Sep 5, 2025 · Sep 5, 2025
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,3 @@
+.git
+.gitignore
+*.md
diff --git a/.dryrunsecurity.yaml b/.dryrunsecurity.yaml
@@ -0,0 +1,72 @@
+---
+sensitiveCodepaths:
+  - 'dojo/object/urls.py'
+  - 'dojo/object/views.py'
+  - 'dojo/announcement/*.py'
+  - 'dojo/api_v2/*.py'
+  - 'dojo/api_v2/**/*.py'
+  - 'dojo/authorization/*.py'
+  - 'dojo/db_migrations/*.py'
+  - 'dojo/endpoint/*.py'
+  - 'dojo/engagement/*.py'
+  - 'dojo/finding/*.py'
+  - 'dojo/finding_group/*.py'
+  - 'dojo/group/*.py'
+  - 'dojo/importers/*.py'
+  - 'dojo/importers/**/*.py'
+  - 'dojo/jira_link/*.py'
+  - 'dojo/metrics/*.py'
+  - 'dojo/note_type/*.py'
+  - 'dojo/notes/*.py'
+  - 'dojo/product/*.py'
+  - 'dojo/product_type/*.py'
+  - 'dojo/reports/*.py'
+  - 'dojo/risk_acceptance/*.py'
+  - 'dojo/search/*.py'
+  - 'dojo/templates/*.html'
+  - 'dojo/templates/**/*.html'
+  - 'dojo/templatetags/*.py'
+  - 'dojo/test/*.py'
+  - 'dojo/tool_config/*.py'
+  - 'dojo/tool_product/*.py'
+  - 'dojo/tool_type/*.py'
+  - 'dojo/user/*.py'
+  - 'dojo/apps.py'
+  - 'dojo/celery.py'
+  - 'dojo/context_processors.py'
+  - 'dojo/decorators.py'
+  - 'dojo/filters.py'
+  - 'dojo/forms.py'
+  - 'dojo/middleware.py'
+  - 'dojo/models.py'
+  - 'dojo/okta.py'
+  - 'dojo/pipeline.py'
+  - 'dojo/remote_user.py'
+  - 'dojo/tasks.py'
+  - 'dojo/urls.py'
+  - 'dojo/utils.py'
+  - 'dojo/views.py'
+  - 'dojo/wsgi.py'
+  - 'docker/environments/*.env'
+  - 'docker/extra_settings'
+  - 'docker/entrypoint-celery-beat.sh'
+  - 'docker/entrypoint-celery-worker.sh'
+  - 'docker/entrypoint-initializer.sh'
+  - 'docker/entrypoint-first-boot.sh'
+  - 'docker/entrypoint-nginx.sh'
+  - 'docker/entrypoint-uwsgi.sh'
+  - 'docker/wait-for-it.sh'
+allowedAuthors:
+  usernames:
+    - mtesauro
+    - devGregA
+    - cneill
+    - Maffooch
+    - blakeaowens
+    - kiblik
+    - dsever
+    - dogboat
+    - hblankenship
+    - valentijnscholten
+notificationList:
+  - '@mtesauro'
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,19 @@
+# Any kind of package updates only need 2 approvals,
+# So let's add three folks here
+requirements.txt @cneill @mtesauro @Maffooch
+# Any dockerfile or compose changes will need to be viewed by
+# these people
+Dockerfile.* @mtesauro @Maffooch 
+docker-compose.* @mtesauro @Maffooch 
+/docker/ @mtesauro @Maffooch 
+# Documentation changes 
+/docs/content/ @paulOsinski @valentijnscholten @Maffooch
+# Kubernetes should be reviewed by reviewed first by those that know it
+/helm/ @cneill @kiblik @Maffooch
+# Anything UI related needs to be checked out by those with the eye for it
+/dojo/static/ @blakeaowens @Maffooch
+/dojo/templates/ @blakeaowens @Maffooch
+# Any model changes should be closely looked at
+/dojo/models.py @Maffooch
+# All other code changes should be reviewed by someone
+* @Maffooch @mtesauro
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,49 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+**Slack us first!**
+The easiest and fastest way to help you is via Slack. There's a free and easy signup to join our #defectdojo channel in the OWASP Slack workspace: [Get Access.](https://owasp.org/slack/invite)
+If you're confident you've found a bug, or are allergic to Slack, you can submit an issue anyway.
+
+**Be informative**
+Please enter as much information as possible, otherwise we can't provide support. If possible upgrade to the latest release or dev version and try again.
+
+**Bug description**
+A clear and concise description of what the bug is. For errors include at least the exact error message you are seeing (including traceback).
+
+**Steps to reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Deployment method** *(select with an `X`)*
+- [ ] Docker Compose
+- [ ] Kubernetes
+- [ ] GoDojo
+
+**Environment information**
+ - Operating System: [e.g. Ubuntu 18.04]
+ - Docker Compose or Helm version (Output of `docker compose version` or `helm version`)
+ - DefectDojo version (see footer) or commit message: [use `git show -s --format="[%ci] %h: %s [%d]"`]
+
+**Logs** 
+Use `docker compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
+
+**Sample scan files**
+If applicable, add sample scan files to help reproduce your problem.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context** (optional)
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,26 @@
+---
+name: Feature request
+about: Suggest an idea for DefectDojo
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+## :warning: Note on feature completeness :warning:
+
+We are narrowing the scope of acceptable enhancements to DefectDojo. Learn more here:
+https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md
+
+**Is your feature request related to a problem? Please describe**
+A clear and concise description of what the problem is.
+Ex: I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+Ex: As a < role >, I want < some goal > so that < some reason >.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you have considered.
+
+**Additional context**
+Add any other context, screenshots, sketch, code snippet, etc. about the feature request here.
diff --git a/.github/ISSUE_TEMPLATE/importer_request.md b/.github/ISSUE_TEMPLATE/importer_request.md
@@ -0,0 +1,14 @@
+---
+name: New importer request
+about: Request a new importer (scanner) for DefectDojo
+title: ''
+labels: Import Scans
+assignees: ''
+
+---
+
+**Scanner Name**
+Name of the scanner, brief description of the scanner and link.
+
+**Sample File**
+Please attach a sample file and the format of the file (xml, json, csv).
diff --git a/.github/ISSUE_TEMPLATE/security_issue.md b/.github/ISSUE_TEMPLATE/security_issue.md
@@ -0,0 +1,16 @@
+---
+name: Security issue
+about: Report a security issue
+title: Please submit via our security reporting program, not GitHub
+labels: security
+assignees: ''
+
+---
+
+**DefectDojo security reporting program**
+
+If you believe you have found a **security issue** in DefectDojo, please review the [disclosure policy](../../readme-docs/SECURITY.md) and submit your finding via our security reporting program. 
+
+Please, do not submit **security issues** via GitHub directly.
+
+Thank you for helping keep DefectDojo and our users safe!
diff --git a/.github/ISSUE_TEMPLATE/support_request.md b/.github/ISSUE_TEMPLATE/support_request.md
@@ -0,0 +1,49 @@
+---
+name: Support Request
+about: If you need support or are running into some trouble
+title: ''
+labels: support
+assignees: ''
+
+---
+**Slack us first!**
+The easiest and fastest way to help you is via Slack. There's a free and easy signup to join our #defectdojo channel in the OWASP Slack workspace: [Get Access.](https://owasp.org/slack/invite)
+If you're confident you've found a bug, or are allergic to Slack, you can submit an issue anyway.
+
+**Be informative**
+Please enter as much information as possible, otherwise we can't provide support. If possible upgrade to the latest release or dev branch and try again.
+
+**Problem description**
+A clear and concise description of what the problem is. For errors include at least the exact error message you are seeing (including traceback).
+
+**Steps to reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Deployment method** *(select with an `X`)*
+- [ ] Docker Compose
+- [ ] Kubernetes
+- [ ] GoDojo
+
+**Environment information**
+ - Operating System: [e.g. Ubuntu 18.04]
+ - Docker Compose or Helm version (Output of `docker compose version` or `helm version`)
+ - DefectDojo version (see footer) or commit message: [use `git show -s --format="[%ci] %h: %s [%d]"`]
+
+**Logs** 
+Use `docker compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
+
+**Sample scan files**
+If applicable, add sample scan files to help reproduce your problem.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context** (optional)
+Add any other context about the problem here.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,71 @@
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  target-branch: dev
+  ignore:
+  - dependency-name: whitenoise
+    versions:
+    - ">= 5.a"
+    - "< 6"
+- package-ecosystem: npm
+  directory: "/components"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  target-branch: dev
+  ignore:
+  - dependency-name: bootstrap
+    versions:
+    - ">= 4.a"
+    - "< 5"
+  - dependency-name: bootstrap-social
+    versions:
+    - ">= 5.a"
+    - "< 6"
+  - dependency-name: bootswatch
+    versions:
+    - ">= 4.a"
+    - "< 5"
+  - dependency-name: chosen
+    versions:
+    - ">= 1.a"
+    - "< 2"
+  - dependency-name: drmonty-datatables-responsive
+    versions:
+    - ">= 2.a"
+    - "< 3"
+  - dependency-name: flot
+    versions:
+    - ">= 2.a"
+    - "< 3"
+  - dependency-name: flot
+    versions:
+    - ">= 3.a"
+    - "< 4"
+  - dependency-name: flot
+    versions:
+    - ">= 4.a"
+    - "< 5"
+  - dependency-name: fullcalendar
+    versions:
+    - ">= 5.a"
+    - "< 6"
+  - dependency-name: startbootstrap-sb-admin-2
+    versions:
+    - ">= 3.a"
+    - "< 4"
+  - dependency-name: startbootstrap-sb-admin-2
+    versions:
+    - ">= 4.a"
+    - "< 5"
+- package-ecosystem: docker
+  directory: "/"
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 10
+  target-branch: dev
+
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -0,0 +1,67 @@
+---
+docs:
+  - changed-files:
+    - any-glob-to-any-file:
+      - docs/**/*
+      - readme-docs/**/*
+
+docker:
+  - changed-files:
+    - any-glob-to-any-file:
+      - docker/**/*
+      - docker**
+      - Docker*
+
+helm:
+  - changed-files:
+    - any-glob-to-any-file:
+      - helm/defectdojo/*
+      - helm/defectdojo/**/*
+
+"New Migration":
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/db_migrations/*
+
+unittests:
+  - changed-files:
+    - any-glob-to-any-file:
+      - unittests/**/*
+
+integration_tests:
+  - changed-files:
+    - any-glob-to-any-file:
+      - tests/**/*
+
+settings_changes:
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/settings/settings.dist.py
+
+apiv2:
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/api_v2/**/*
+
+ui:
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/static/**/*
+      - dojo/templates/**/*
+      - dojo/templatetags/**/*
+
+parser:
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/tools/**/*
+
+localization:
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/locale/*
+      - dojo/locale/**/*
+
+lint:
+  - changed-files:
+    - any-glob-to-any-file:
+      - ruff.toml