Merge pull request #12272 from DefectDojo/master-into-bugfix/2.45.2-2.46.0-dev

Release: Merge back 2.45.2 into bugfix from: master-into-bugfix/2.45.2-2.46.0-dev

Author: rossops

.github/workflows/gh-pages.yml

@@ -19,7 +19,7 @@ jobs:
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: '22.14.0'
 

.github/workflows/validate_docs_build.yml

@@ -16,7 +16,7 @@ jobs:
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: '22.14.0'
 

docs/content/en/open_source/contributing/how-to-write-a-parser.md

@@ -37,7 +37,8 @@ $ docker compose build --build-arg uid=1000
 |`unittests/scans/<parser_dir>/{many_vulns,no_vuln,one_vuln}.json` | Sample files containing meaningful data for unit tests. The minimal set.
 |`unittests/tools/test_<parser_name>_parser.py` | Unit tests of the parser.
 |`dojo/settings/settings.dist.py`               | If you want to use a modern hashcode based deduplication algorithm
-|`doc/content/en/integrations/parsers/<file/api>/<parser_file>.md` | Documentation, what kind of file format is required and how it should be obtained 
+|`docs/content/en/connecting_your_tools/parsers/<file/api>/<parser_file>.md` | Documentation, what kind of file format is required and how it should be obtained 
+    
 
 ## Factory contract
 
@@ -50,7 +51,7 @@ Parsers are loaded dynamicaly with a factory pattern. To have your parser loaded
 3. The name of this class **MUST** be the Python module name without underscores and with `Parser` suffix.
    - ex: `dojo.tools.my_tool.parser.MyToolParser`
 4. This class **MUST** have an empty constructor or no constructor
-5. This class **MUST** implement 3 methods:
+5. This class **MUST** implement 4 methods:
    1. `def get_scan_types(self)` This function return a list of all the *scan_type* supported by your parser. This identifiers are used internally. Your parser can support more than one *scan_type*. For example some parsers use different identifier to modify the behavior of the parser (aggregate, filter, etc...)
    2. `def get_label_for_scan_types(self, scan_type):` This function return a string used to provide some text in the UI (short label)
    3. `def get_description_for_scan_types(self, scan_type):` This function return a string used to provide some text in the UI (long description)
@@ -357,7 +358,7 @@ If you want to take a look at previous parsers that are now part of DefectDojo,
 
 ## Update the import page documentation
 
-Please add a new .md file in [`docs/content/en/integrations/parsers`] with the details of your new parser.  Include the following content headings:
+Please add a new .md file in [`docs/content/en/connecting_your_tools/parsers`] with the details of your new parser.  Include the following content headings:
 
 * Acceptable File Type(s) - please include how to generate this type of file from the related tool, as some tools have multiple methods or require specific commands.
 * An example unit test block, if applicable.

docs/content/en/open_source/upgrading/2.46.md

@@ -0,0 +1,81 @@
+---
+title: 'Upgrading to DefectDojo Version 2.46.x'
+toc_hide: true
+weight: -20250407
+description: Tag Formatting Changes + Import Payload Changes
+---
+
+### Tag Formatting Update
+
+Tags can no longer contain the following characters:
+
+- **Commas (,)**
+- **Quotations** (both single `'` and double `"`)
+- **Spaces**
+
+#### Automatic Migration
+
+To ensure a smooth transition, an automatic migration will be applied to existing tags as follows:
+
+- **Commas** → Replaced with **hyphens (`-`)**
+- **Quotations** (single and double) → **Removed**
+- **Spaces** → Replaced with **underscores (`_`)**
+
+#### Examples
+
+- `example,tag` → `example-tag`
+- `'SingleQuoted'` → `SingleQuoted`
+- `"DoubleQuoted"` → `DoubleQuoted`
+- `space separated tag` → `space_separated_tag`
+
+#### Why This Change?
+
+This update improves consistency, enhances search capabilities, and aligns with best practices for tag formatting.
+
+#### Recommended Actions
+
+We recommend reviewing your current tags, specifically CI/CD processes before upgrading to ensure they align with the new format. Performing a database backup is also suggested as this migration cannot be reverted.
+
+Following the deployment of these new behaviors, requests sent to the API or through the UI with any of the violations listed above will result in an error, with the details of the error raised in the response.
+
+---
+
+### Asynchronous Import deprecation in 2.47.0
+
+Please note that asynchronous import is already deprecated and will be removed in version 2.47.0. If you haven't migrated from this feature yet, we recommend doing so.
+
+### Import / Reimport Statistics Delta
+
+Following a successful import or reimport, a JSON blob for `statistics` is generated to provide the differential of finding activity.
+There was a section in the `delta` JSON blob that referred to a key labeled `left untouched`. This value does not comply with REST
+norms, and has been renamed to `untouched`. Here is a before and after to make it clear:
+
+Before:
+
+    "statistics": {
+        "before": {},
+        "delta": {
+        "created": {},
+        "closed": {},
+        "reactivated": {},
+        "left untouched": {}
+        },
+        "after": {}
+    }
+
+After:
+
+    "statistics": {
+        "before": {},
+        "delta": {
+        "created": {},
+        "closed": {},
+        "reactivated": {},
+        "untouched": {}
+        },
+        "after": {}
+    }
+
+---
+
+Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.46.0) for the contents of the release.