Release: Merge release into master from: release/2.5.0 (#5564)
* Update versions in application files

* Update gh-pages.yml

* Bump google-auth from 2.3.2 to 2.3.3 (#5367)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](googleapis/google-auth-library-python@v2.3.2...v2.3.3)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-imagekit from 4.0.2 to 4.1.0 (#5366)

Bumps [django-imagekit](https://github.com/matthewwithanm/django-imagekit) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/matthewwithanm/django-imagekit/releases)
- [Commits](matthewwithanm/django-imagekit@4.0.2...4.1.0)

---
updated-dependencies:
- dependency-name: django-imagekit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* APIv2: Allow import/reimport by names not only ids (#5342)

* allow import/reimport by names

* cleanup

* cleanup

* update docs

* improvements

* cleanup 2

* cleanup 2

* php inventory changes

* Update dojo/api_v2/views.py

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* Update dojo/api_v2/views.py

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* cleanup 3.0

* cleanup 3.0

* cleanup 3.0

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* Bump google-api-python-client from 2.28.0 to 2.29.0 (#5365)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.28.0 to 2.29.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](googleapis/google-api-python-client@v2.28.0...v2.29.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump lxml from 4.6.3 to 4.6.4 (#5381)

Bumps [lxml](https://github.com/lxml/lxml) from 4.6.3 to 4.6.4.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.6.3...lxml-4.6.4)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.26.0 to v1.27.0 (helm/defectdojo/values.yaml) (#5375)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update upgrading.md (#5374)

* Update versions in application files

* Bump django-watson from 1.5.5 to 1.6.0 (#5389)

Bumps [django-watson](https://github.com/etianen/django-watson) from 1.5.5 to 1.6.0.
- [Release notes](https://github.com/etianen/django-watson/releases)
- [Changelog](https://github.com/etianen/django-watson/blob/master/CHANGELOG.markdown)
- [Commits](etianen/django-watson@release-1.5.5...release-1.6.0)

---
updated-dependencies:
- dependency-name: django-watson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* main: improve documentation (#5390)

* Update dependency postcss-cli from 9.0.1 to v9.0.2 (docs/package.json) (#5392)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Generate github pages for master + dev branches (#5398)

* pages for master and dev

* pages for master and dev

* Bump numpy from 1.21.3 to 1.21.4 (#5396)

Bumps [numpy](https://github.com/numpy/numpy) from 1.21.3 to 1.21.4.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/HOWTO_RELEASE.rst.txt)
- [Commits](numpy/numpy@v1.21.3...v1.21.4)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update Chart.yaml

* Integration test idempotency (#5397)

* Resolve failing integration test if user existed.
Added is_help_message_present for .help-block
Used non-deprecated selector

* Ensure test_user_notificaitons_change tests
  changes and not just selecting. Test is now
  idempotent instead of just working first time.

* Removing integration test with missing test file.
  Removal based on existing read-only tests within
  user_test.py and lack of test in GitHub Actions.

* Remove trailing whitespace

* Restore entrypoint-integration-tests.sh

* main(tests): remove rabbitmq from unit-tests (#5307)

* main(tests): remove rabbitmq from unit-tests service

* main(tests): remove rabbitmq from unit-tests

* fix(tests): overwrite broker values from dockerfile

* Bump pdfmake from 0.2.2 to 0.2.3 in /components (#5409)

Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.2 to 0.2.3.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.3/CHANGELOG.md)
- [Commits](bpampuch/pdfmake@0.2.2...0.2.3)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-extensions from 3.1.3 to 3.1.5 (#5408)

Bumps [django-extensions](https://github.com/django-extensions/django-extensions) from 3.1.3 to 3.1.5.
- [Release notes](https://github.com/django-extensions/django-extensions/releases)
- [Changelog](https://github.com/django-extensions/django-extensions/blob/main/CHANGELOG.md)
- [Commits](django-extensions/django-extensions@3.1.3...3.1.5)

---
updated-dependencies:
- dependency-name: django-extensions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove models for legacy api classes (#5387)

* Remove models for legacy api classes

* fix unit tests

* Auth V2 - Remove legacy authorization part 1: Remove legacy auth from templates (#5382)

* remove legacy auth from templates

* remove legacy unit test

* remove dependency check report (#5413)

* fix(helm chart): Update the nginx-prometheus-exporter entrypoint (#5415)

Fix #5414

The entrypoint has been changed between version 0.8.0 and 0.9.0 of the nginx-prometheus-exporter

* Bump google-api-python-client from 2.29.0 to 2.30.0 (#5418)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.29.0 to 2.30.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](googleapis/google-api-python-client@v2.29.0...v2.30.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pdfmake from 0.2.3 to 0.2.4 in /components (#5429)

Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.4/CHANGELOG.md)
- [Commits](bpampuch/pdfmake@0.2.3...0.2.4)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump coverage from 6.1.1 to 6.1.2 (#5428)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.1.1 to 6.1.2.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@6.1.1...6.1.2)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump drf-spectacular from 0.20.2 to 0.21.0 (#5427)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.20.2 to 0.21.0.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](tfranzel/drf-spectacular@0.20.2...0.21.0)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix integration test users (#5425)

* Fix: sequential integration tests

* Fix: sequential integration tests

* Remove: reload

Co-authored-by: Dubravko Sever <dubravko.sever@pan-net.eu>

* Update rabbitmq Docker tag from 3.9.8 to v3.9.9 (docker-compose.yml) (#5434)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Bump psycopg2-binary from 2.9.1 to 2.9.2 (#5439)

Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.1 to 2.9.2.
- [Release notes](https://github.com/psycopg/psycopg2/releases)
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/commits)

---
updated-dependencies:
- dependency-name: psycopg2-binary
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.26 to 1.4.27 (#5440)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.26 to 1.4.27.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Move more markdown files to github pages (#5403)

* Update branching-model.md

* remove branching release model from README

* Delete BRANCHING-MODEL.md

* Update README.md

* Update README.md

* Delete REST-APIs.md

* Delete RELEASE-AND-BRANCH-MODEL.md

* Delete GETTING-STARTED.md

* Delete ROADMAP.md

* Update README.md

* Update CONTRIBUTING.md

* Update README.md

* Delete MAINTAINERS.md

* Update security_issue.md

* Update README.md

* move markdown files to docs

* Update docs/content/en/contributing/documentation.md

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* Update README.md

* finetune api wrapper section

* add back AVAILABLE plugins page

* Defect Dojo -> DefectDojo

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* Integration test warning cleanup (#5445)

* Update all deprecated selenium get_element(s)_by*

* Remove trailing whitespace from user_test.py

* fix dedupe sync usage example (#5446)

* Bump nginx from 1.21.3-alpine to 1.21.4-alpine (#5452)

Bumps nginx from 1.21.3-alpine to 1.21.4-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add dojo license to package.json (#5447)

* Authz: Allow global maintainers/owner to add Product Types (#5410)

* Allow global maintainers/owners to add product types

* add permission check to templates

* add permission check to templates

* rename filter

* feat(saml): configurable login button (#5449)

* Allow to force login form (#5444)

* allow to force login form

* add docs

* feat: make semgrep reports more informative (#5391)

* Add more detailed description for semgrep report.
Add unittests for new description format

* Fix flake errors

* Fix unittest errors

* Fix unittest errors

* Update dojo/tools/semgrep/parser.py

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* Add test for new semgrep description

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* remove dojo/user/helper (#5412)

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* add build arg for userid integration tests (#5432)

* Update mysql:5.7.36 Docker digest from 5.7.36 to v5.7.36 (docker-compose.yml) (#5464)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Add "Forgot password" functionality (#5302)

* Define reset password process

* fix LOGIN_EXEMPT_URLS, add button on log-in screen

* flake8

* replace "Password reset" by "Forgot password"

* add DD_SOCIAL_AUTH_FORGOT_PASSWORD_BUTTON

* change DD_SOCIAL_AUTH_FORGOT_PASSWORD_BUTTON to DD_FORGOT_PASSWORD_BUTTON

* flake8

* change "mail_notifications_from" to "email_from", change first button, override site url, use "email_from" as sending address, handle ConnectionError

* rename DD_FORGOT_PASSWORD_BUTTON to DD_FORGOT_PASSWORD, allow to fail if sending of email is not successful, add integration test, add mailhog to dev and integration tests

* typo

* add docs

* typos

* run mailhog during integration tests on github

* use SMTP for Celery - to be able to send mail notifications

* Bump google-api-python-client from 2.30.0 to 2.31.0 (#5462)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.30.0 to 2.31.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](googleapis/google-api-python-client@v2.30.0...v2.31.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump markdown from 3.3.4 to 3.3.5 (#5460)

Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.3.4 to 3.3.5.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Commits](Python-Markdown/markdown@3.3.4...3.3.5)

---
updated-dependencies:
- dependency-name: markdown
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* use buildkit master with bugfix (#5467)

* Bump markdown from 3.3.5 to 3.3.6 (#5470)

Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.3.5 to 3.3.6.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Commits](Python-Markdown/markdown@3.3.5...3.3.6)

---
updated-dependencies:
- dependency-name: markdown
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-polymorphic from 3.0.0 to 3.1.0 (#5469)

Bumps [django-polymorphic](https://github.com/django-polymorphic/django-polymorphic) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/django-polymorphic/django-polymorphic/releases)
- [Changelog](https://github.com/django-polymorphic/django-polymorphic/blob/master/docs/changelog.rst)
- [Commits](jazzband/django-polymorphic@3.0.0...v3.1)

---
updated-dependencies:
- dependency-name: django-polymorphic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump mysqlclient from 2.0.3 to 2.1.0 (#5468)

Bumps [mysqlclient](https://github.com/PyMySQL/mysqlclient) from 2.0.3 to 2.1.0.
- [Release notes](https://github.com/PyMySQL/mysqlclient/releases)
- [Changelog](https://github.com/PyMySQL/mysqlclient/blob/main/HISTORY.rst)
- [Commits](PyMySQL/mysqlclient@v2.0.3...v2.1.0)

---
updated-dependencies:
- dependency-name: mysqlclient
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.9.9 Docker digest from 3.9.9 to 3.9.9 (docker-compose.yml) (#5472)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Auth V2 - Remove legacy authorization part 3: Remove feature flag from core classes  (#5458)

* remove dojo/user/helper

* remove FEATURE_AUTHORIZATION_V2 from core classes and API

* Fix for creating multiple groups containing the same Product Type (#5457)

* fix

* revert change for message

* beautify

* Update rabbitmq Docker tag from 3.9.9 to v3.9.10 (docker-compose.yml) (#5475)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Fix for missing API_Scan_Configuration and exception handler (#5455)

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Add support for pushing tags to jira (#5476)

* Bump cryptography from 35.0.0 to 36.0.0 (#5482)

Bumps [cryptography](https://github.com/pyca/cryptography) from 35.0.0 to 36.0.0.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@35.0.0...36.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* new report format (#5478)

* Update rabbitmq:3.9.10 Docker digest from 3.9.10 to 3.9.10 (docker-compose.yml) (#5486)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* optimize GHA unit test (#5488)

* Moved all plot objects into one .js file (#5456)

* Removed all plot objects from corresponding .html files and grouped them into one static .js file

* Attempt #1 to fix failing integration test

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Add EmptyDir for CeleryBeat into /run (#5421)

* Add volumeMounts for celery beat

* Decrease Chart version

* use DEDUPE_ALGO_HASH_CODE for detect-secrets (#5483)

* Update dependency postcss from 8.3.11 to v8.4.0 (docs/package.json) (#5493)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update labeler.yml

* add tag for each trivy vulnerability (#5479)

Signed-off-by: shubhindia <shubhindia123@gmail.com>

* Update dependency postcss from 8.4.0 to v8.4.1 (docs/package.json) (#5498)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update DOCKER.md (#5505)

Fixing broken link for "Running in Production"

* Update dependency postcss from 8.4.1 to v8.4.3 (docs/package.json) (#5507)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* go to user view after user add (#5510)

* set default group for all new users (#5501)

* Update dependency postcss from 8.4.3 to v8.4.4 (docs/package.json) (#5512)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Auth V2 - Remove legacy authorization part 4: final removal of FEATURE_AUTHORIZATION_V2 (#5477)

* remove FEATURE_AUTHORIZATION_V2

* flake8

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* fix duplicate notification urls (#5515)

* Update 0066_django_tagulous.py (#5514)

* Nessus: store only standard protocol names (#5471)

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Bump coverage from 6.1.2 to 6.2 (#5520)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.1.2 to 6.2.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@6.1.2...6.2)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat(helm): allow disabling initializer job (#5504)

There is initializer.run: true in default values.yaml, but it isn't used anywhere.

I'd like to add the opportunity to disable the initializer job.
Also, it would be great to make it possible to add annotations to the initializer job.

UPD: annotations support for init job was added :)

* Bump humanize from 3.12.0 to 3.13.1 (#5530)

Bumps [humanize](https://github.com/jmoiron/humanize) from 3.12.0 to 3.13.1.
- [Release notes](https://github.com/jmoiron/humanize/releases)
- [Commits](jmoiron/humanize@3.12.0...3.13.1)

---
updated-dependencies:
- dependency-name: humanize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Endpoint Metadata Importer for adding tags/custom fields to Endpoints (#5491)

* Endpoint Metadata Importer for adding tags and custom fields to Endpoints

* fix flake8

* Add api functionality and update docs

* fix flake8

* Add unit test suite

* fix Flake8

* fix Flake8

* Add endpoint to test method list

* Correct unit tests and remove print statements

* Add feature flag and rename private_dns to hostname

* Rename no_private_dns_endpoint_meta_import.csv to no_hostname_endpoint_meta_import.csv

* Make changes requested by Stefan

* Fix Flake8

* separate API product_name and product_id accessors

* Fix typo

* Fix copy/paste error

* Add endpoint meta import to system settings

* Update Nessus WAS parser to catch the lack of a port in CSV Parser (#5490)

* Update Nessus WAS parser to catch the lack of a port in CSV Parser

* Remove default of '8888' and just leave blank

* Remove default port/protocol

* Fix Flake8

* Add IP address as backup to host

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* main(helm): remove deprecated stable repo (#5450)

* main(helm): remove deprecated stable repo

* fix: rename mysql variable for bitnami chart

* fix(helm): mysql secrets

* main(tests): update kubernetes versions

* main(tests): update kubernetes test strategy

* main(tests): update minikube

* fix(helm): mysql port and documentation

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* move unittests outside dojo folder (#5527)

* move unittests outside dojo folder

* change base class

* cleanup

* cleanup

* cleanup

* cleanup

* fixes

* cleanup

* refactor

* cleanup

* cleanup

* cleanup

* fixes

* fixes

* fixes

* we expect these env variables to be set (#5529)

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Upgrade to Django 3.2 (#5265)

* Upgrade to Django 3.2

* try fork with tagulous fix

* try fork with tagulous fix

* fixes for typos (#5531)

* fix: checkmarx parser aggregation and deduplication with query id (#5506)

this should fix #3958
the aggregation mechanism and deduplication mechanism for checkmarx are now using the same fields
it now uses the query id of checkmarx in the hash code to avoid creating multiple issues for each checkmarx "result"
we keep the aggregation but now we can no longer find duplicates inside a single report

* Bump djangosaml2 from 1.3.4 to 1.3.5 (#5463)

Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.3.4 to 1.3.5.
- [Release notes](https://github.com/IdentityPython/djangosaml2/releases)
- [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES)
- [Commits](IdentityPython/djangosaml2@v1.3.4...v1.3.5)

---
updated-dependencies:
- dependency-name: djangosaml2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump redis from 3.5.3 to 4.0.2 (#5481)

Bumps [redis](https://github.com/redis/redis-py) from 3.5.3 to 4.0.2.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@3.5.3...v4.0.2)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.31.0 to 2.32.0 (#5536)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.31.0 to 2.32.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](googleapis/google-api-python-client@v2.31.0...v2.32.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* bump django to 3.2.9 (#5539)

* fix files api (#5509)

* Move unit test leftovers (#5543)

* Move unit test leftovers

* fix for FlexibleImportTestAPI

* fix for the fix

* remove duplicated `{{block.super}}` lines (#5545)

* Update express_new_jira.html

* remove duplicate block.super

* Update rabbitmq Docker tag from 3.9.10 to v3.9.11 (docker-compose.yml) (#5541)

* Update rabbitmq Docker tag from 3.9.10 to v3.9.11 (docker-compose.yml)

* Update docker-compose.yml

not sure what happened, maybe they republished with a different image/checksum

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Auth V2 - Remove legacy authorization part 5: Removal of authorized users (#5518)

* remove authorized users

* rename db migration after rebase

* release notes

* bugfix for missed staff legacy removal

* flake8

* more flake8

* next flake8

* added removal of user migration to release notes

* rename db migration after rebase

* use GHA caching for integration tests (#5495)

* use GHA caching for integration tests

* Update integration-tests.yml

* Add organizational blocks around metrics.js files (#5544)

* Update rabbitmq:3.9.11 Docker digest from 3.9.11 to 3.9.11 (docker-compose.yml) (#5546)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* remove findingimages leftovers (#5540)

* Add support for files in generic parser (#5508)

* Add support for files in generic parser

* Update models.py

* Add documentation

* Update docs/content/en/integrations/import.md

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* Update docs/content/en/integrations/import.md

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* Update docs/content/en/integrations/import.md

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* changes after move of unit tests

Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* fix staff permission to add product types (#5551)

* typo and missing parser (#5548)

* Set default_auto_field after migration to Django 3.2 (#5552)

fixes #5538

* fix checkmarx false positive import (#5484)

* Autocreate product / engagement during (re)import (#5492)

* Smart Import

* cleanup

* fix push to jira logic

* add docs

* add jira testcases

* comments

* create ci/cd engagements

* fix target start/end

* cleanup

* set owner for created models

* autocreate for reimport

* cleanup

* reimport authz tests

* cleanup

* add docs

* update unit test paths

* update unit test paths

* update unit test paths

* fix unit tests

* fix metadata dict code

* fix tests

* fix merge artifacts

* fix merge artifacts

* Added info on upgrading godojo installs of DefectDojo to the docs (#5561)

* Add asynchronous re/imports (disabled by default) (#5553)

* Add asynchronous re/imports (disabled by default)

* Fix Flake8 Violations

* Update unit tests

* Update importer.py

* Update progress typo

* fix image migration for duplicate captions (#5549)

* api: update reimport docstring (#5560)

* Update views.py

* Update views.py

* Update views.py

* Fix alias paths in nginx config (#5557)

* Update nginx.conf

fix alias path

* Update nginx_TLS.conf

fix alias path

* Respect `scan_date` at import time for all findings imported (#5547)

* Respect `scan_date` at import time for all findings imported

* Update scan_date set logic

* Add more unit tests

* Remove first attempt at unit test

* Add documentation and set default import date to be timezone considerate

* Make scan_date optional field

* Update test_importers_importer.py

* Update api scan_date validation

* Fix required false issue

* Update docs title

* Remove default date from unit tests

* Update versions in application files

Co-authored-by: DefectDojo release bot <dojo-release-bot@users.noreply.github.com>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: alles-klar <jannik-j@t-online.de>
Co-authored-by: CharlieSears <charlie.sears@gmail.com>
Co-authored-by: bgoareguer <43874676+bgoareguer@users.noreply.github.com>
Co-authored-by: Sever <dubravko.sever@gmail.com>
Co-authored-by: Dubravko Sever <dubravko.sever@pan-net.eu>
Co-authored-by: Shubham Gopale <shubhindia123@gmail.com>
Co-authored-by: kiblik <tomas@kubla.sk>
Co-authored-by: Artem Tykhonov <artem@macpaw.com>
Co-authored-by: blakeaowens <76979297+blakeaowens@users.noreply.github.com>
Co-authored-by: rsaiprashanth <prashanth.vy607@gmail.com>
Co-authored-by: qlimenoque <49155800+qlimenoque@users.noreply.github.com>
Co-authored-by: Julien Caillon <julien.caillon@gmail.com>
Co-authored-by: Damien Carol <damien.carol@gmail.com>
Co-authored-by: ptrovatelli <34663482+ptrovatelli@users.noreply.github.com>
Co-authored-by: Matt Tesauro <mtesauro@gmail.com>
Co-authored-by: Assylbek <39023505+tutasla@users.noreply.github.com>
1 parent 1a1cf79 commit eeaa1ba
Showing 1,011 changed files with 18,383 additions and 16,343 deletions.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/security_issue.md
Expand Up @@ -9,7 +9,7 @@ assignees: ''

**DefectDojo security reporting program**

If you believe you have found a **security issue** in DefectDojo, please review the [disclosure policy](https://github.com/DefectDojo/django-DefectDojo/blob/master/SECURITY.md) and submit your finding via our security reporting program.
If you believe you have found a **security issue** in DefectDojo, please review the [disclosure policy](../../readme-docs/SECURITY.md) and submit your finding via our security reporting program.

Please, do not submit **security issues** via GitHub directly.
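Review bot: The relative target `../../readme-docs/SECURITY.md` in the disclosure-policy link is likely to break in the place reporters actually see it. An issue template's body is copied into the new-issue form, where a relative path is resolved against the issue page rather than against `.github/ISSUE_TEMPLATE/`. This link is the route to the private reporting channel, so keep an absolute URL and only update its path to the new location of SECURITY.md, then confirm it by opening the template in a new issue.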

17 changes: 10 additions & 7 deletions .github/labeler.yml
@@ -1,20 +1,23 @@
docs:
- any: ['docs/**/*', 'readme-docs/**/*']
- docs/**/*
- readme-docs/**/*

docker:
- any: ['docker/**/*', 'docker**', 'Docker*']
- docker/**/*
- docker**
- Docker*

"New Migration":
- any: ['dojo/db_migrations/*']
- dojo/db_migrations/*

unittests:
- any: ['dojo/unittests/**/*']
- unittests/**/*

integration_tests:
- any: ['tests/**/*']
- tests/**/*

settings_changes:
- any: ['dojo/settings/settings.dist.py']
- dojo/settings/settings.dist.py

apiv2:
- any: ['dojo/api_v2/**/*']
- dojo/api_v2/**/*
23 changes: 7 additions & 16 deletions .github/workflows/integration-tests.yml
Expand Up @@ -43,19 +43,10 @@ jobs:

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Cache Docker layers
uses: actions/cache@v2
env:
docker-image: ${{ matrix.docker-image }}
with:
path: /tmp/.buildx-cache-${{ env.docker-image }}
key: ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ github.workflow }}-${{ github.sha }}-${{ github.run_id }}
restore-keys: |
${{ runner.os }}-buildx-${{ env.docker-image }}-${{ github.workflow }}-${{ github.sha }}
${{ runner.os }}-buildx-${{ env.docker-image }}-${{ github.workflow }}
${{ runner.os }}-buildx-${{ env.docker-image }}
buildkitd-flags: --debug
driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426

- name: Build
id: docker_build
uses: docker/build-push-action@v2
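Review bot: `driver-opts: image=moby/buildkit:master` makes every CI build run on whatever the BuildKit master image happens to be at that moment, so the builder is neither reproducible nor reviewed, in contrast to the sha256-pinned base images in the Dockerfiles of this same commit. Pin the builder to a release tag or digest that contains the fix for moby/buildkit issue 2426, and leave a note to drop the override once the default image carries it. The same line is added in unit-tests.yml. `buildkitd-flags: --debug` also reads like a debugging leftover unless verbose builder logs are wanted on every run.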
Expand All @@ -68,9 +59,9 @@ jobs:
${{ env.DD_DOCKER_REPO }}/defectdojo-${{ env.docker-image }}:latest
file: Dockerfile.${{ env.docker-image }}
outputs: type=docker,dest=${{ env.docker-image }}_img
cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }}
cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }}

cache-from: type=gha,scope=${{ matrix.docker-image }}
cache-to: type=gha,mode=max,scope=${{ matrix.docker-image }}
# export docker images to be used in next jobs below
- name: Upload image ${{ matrix.docker-image }} as artifact
uses: actions/upload-artifact@v2
Expand Down Expand Up @@ -134,7 +125,7 @@ jobs:

- name: Start Dojo
# implicity starts uwsgi and rabbitmq
run: docker-compose up -d mysql nginx celerybeat celeryworker
run: docker-compose up -d mysql nginx celerybeat celeryworker mailhog

- name: Initialize
run: docker-compose up --exit-code-from initializer initializer
24 changes: 18 additions & 6 deletions .github/workflows/k8s-testing.yml
Expand Up @@ -108,9 +108,22 @@ jobs:

strategy:
matrix:
databases: [pgsql, mysql]
brokers: [redis, rabbit]
k8s: ['v1.16.0','v1.20.0']
include:
# databases, broker and k8s are independent, so we don't need to test each combination
# lastest k8s version (https://kubernetes.io/releases/) and oldest supported version from aws
# are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions)
- databases: pgsql
brokers: redis
k8s: 'v1.18.16'
- databases: mysql
brokers: rabbit
k8s: 'v1.18.16'
- databases: pgsql
brokers: rabbit
k8s: 'v1.22.0'
- databases: mysql
brokers: redis
k8s: 'v1.22.0'

steps:
# - name: Login to DockerHub
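Review bot: The two Kubernetes versions in the `include:` list are hard-coded with only links to say where they came from, so nothing signals when `v1.18.16` stops being the oldest version AWS supports or `v1.22.0` stops being the latest release. State in the comment which value is which, and fix the typo "lastest". The four entries do still cover every database/broker, database/k8s and broker/k8s pair; saying so in the comment would keep a later edit from dropping one.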
Expand All @@ -124,7 +137,7 @@ jobs:
- name: Setup Minikube
uses: manusa/actions-setup-minikube@v2.4.2
with:
minikube version: 'v1.22.0'
minikube version: 'v1.24.0'
kubernetes version: ${{ matrix.k8s }}
driver: docker
start args: '--addons=ingress'
Expand All @@ -145,7 +158,6 @@ jobs:
- name: Configure HELM repos
run: |-
helm repo add stable https://charts.helm.sh/stable
helm repo add bitnami https://charts.bitnami.com/bitnami
helm dependency list ./helm/defectdojo
helm dependency update ./helm/defectdojo
Expand All @@ -172,7 +184,7 @@ jobs:
${{ steps.set.outputs[matrix.databases] }} \
${{ steps.set.outputs[matrix.brokers] }} \
--set createSecret=true \
# --set imagePullSecrets=defectdojoregistrykey
# --set imagePullSecrets=defectdojoregistrykey
- name: Check deployment status
run: |-
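Review bot: `--set createSecret=true \` still ends in a line continuation whose next line is the commented-out `# --set imagePullSecrets=defectdojoregistrykey`; re-indenting the comment does not change that. The command ends at the comment, so any flag later added below it is not passed to `helm`. Drop the trailing backslash, or delete the commented flag and describe it in a YAML comment above the step.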
1 change: 0 additions & 1 deletion .github/workflows/new-release-chart.yml
Expand Up @@ -35,7 +35,6 @@ jobs:
version: v3.4.0
- name: Configure HELM repos
run: |-
helm repo add stable https://charts.helm.sh/stable
helm repo add bitnami https://charts.bitnami.com/bitnami
helm dependency list ./helm/defectdojo
helm dependency update ./helm/defectdojo
1 change: 0 additions & 1 deletion .github/workflows/new-release-tag-docker.yml
Expand Up @@ -36,7 +36,6 @@ jobs:
version: v3.4.0
- name: Configure Helm repos
run: |
helm repo add stable https://charts.helm.sh/stable
helm repo add bitnami https://charts.bitnami.com/bitnami
helm dependency list ./helm/defectdojo
helm dependency update ./helm/defectdojo
1 change: 0 additions & 1 deletion .github/workflows/test-helm-chart.yml
Expand Up @@ -30,7 +30,6 @@ jobs:

- name: Configure Helm repos
run: |-
helm repo add stable https://charts.helm.sh/stable
helm repo add bitnami https://charts.bitnami.com/bitnami
helm dependency list ./helm/defectdojo
helm dependency update ./helm/defectdojo
5 changes: 3 additions & 2 deletions .github/workflows/unit-tests.yml
Expand Up @@ -39,7 +39,8 @@ jobs:
uses: docker/setup-buildx-action@v1
with:
buildkitd-flags: --debug

driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426

- name: Build
id: docker_build
uses: docker/build-push-action@v2
Expand All @@ -60,7 +61,7 @@ jobs:

# phased startup so we can use the exit code from unit test container
- name: Start MySQL
run: docker-compose up -d
run: docker-compose up -d mysql

# no celery or initializer needed for unit tests
- name: Unit tests
10 changes: 7 additions & 3 deletions Dockerfile.django
Expand Up @@ -5,11 +5,12 @@
# Dockerfile.nginx to use the caching mechanism of Docker.

# Ref: https://devguide.python.org/#branchstatus
FROM python:3.8.12-slim-buster@sha256:7e732593f25983fa7d4b2d54444be4a785f2397c1cf2f815d2e3638337eee012 as build
FROM python:3.8.12-slim-buster@sha256:7e732593f25983fa7d4b2d54444be4a785f2397c1cf2f815d2e3638337eee012 as base
FROM base as build
WORKDIR /app
RUN \
apt-get -y update && \
apt-get -y install \
apt-get -y install --no-install-recommends \
build-essential \
dnsutils \
default-mysql-client \
Expand All @@ -25,7 +26,7 @@ RUN \
COPY requirements.txt ./
RUN pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt

FROM python:3.8.12-slim-buster@sha256:7e732593f25983fa7d4b2d54444be4a785f2397c1cf2f815d2e3638337eee012
FROM base as django
WORKDIR /app
ARG uid=1001
ARG appuser=defectdojo
Expand Down Expand Up @@ -136,3 +137,6 @@ ENV \
DD_DJANGO_METRICS_ENABLED="False"
RUN mkdir -p media && mkdir -p media/threat && chown -R ${uid} media
ENTRYPOINT ["/entrypoint-uwsgi.sh"]

FROM django as django-unittests
COPY unittests/ ./unittests/
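Review bot: `FROM django as django-unittests` is now the last stage in Dockerfile.django, and a build that names no target produces the last stage, so any build without `--target django` would ship `unittests/` in the application image. Confirm that every non-test build (compose files, the `docker/build-push-action` steps, the release workflows) sets the `django` target explicitly. The part of the Build step visible in integration-tests.yml in this diff shows `file:` and `outputs:` but no `target:`.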
3 changes: 2 additions & 1 deletion Dockerfile.integration-tests
Expand Up @@ -45,7 +45,8 @@ COPY tests/ ./tests/

RUN chmod -R 0777 /app

USER 1001
ARG uid=1001
USER ${uid}
ENV \
DD_ADMIN_USER=admin \
DD_ADMIN_PASSWORD='' \
6 changes: 3 additions & 3 deletions Dockerfile.nginx
Expand Up @@ -32,7 +32,7 @@ ENV \
node="nodejs"
RUN \
apt-get -y update && \
apt-get -y install apt-transport-https ca-certificates curl wget && \
apt-get -y install --no-install-recommends apt-transport-https ca-certificates curl wget && \
curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add --no-tty - && \
echo 'deb https://deb.nodesource.com/node_14.x buster main' > /etc/apt/sources.list.d/nodesource.list && \
echo 'deb-src https://deb.nodesource.com/node_14.x buster main' >> /etc/apt/sources.list.d/nodesource.list && \
Expand All @@ -42,7 +42,7 @@ RUN \
wget https://github.com/yarnpkg/yarn/releases/download/v1.22.10/yarn_1.22.10_all.deb && \
dpkg -i yarn_1.22.10_all.deb && \
echo "$(yarn --version)" && \
apt-get -y install nodejs && \
apt-get -y install --no-install-recommends nodejs && \
echo "$(node --version)" && \
apt-get clean && \
rm yarn_1.22.10_all.deb && \
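Review bot: In this `RUN`, `yarn_1.22.10_all.deb` is fetched with `wget` and installed with `dpkg -i` without any checksum or signature check, while the base images in this commit are pinned by sha256 digest. Since the `RUN` is being edited for `--no-install-recommends` anyway, add a `sha256sum -c` check against a hash recorded in the Dockerfile before the `dpkg -i`. The `curl ... | apt-key add` key import earlier in the same `RUN` has the same trust-on-download shape.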
Expand All @@ -65,7 +65,7 @@ COPY dojo/ ./dojo/

RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true

FROM nginx:1.21.3-alpine@sha256:1ff1364a1c4332341fc0a854820f1d50e90e11bb0b93eb53b47dc5e10c680116
FROM nginx:1.21.4-alpine@sha256:12aa12ec4a8ca049537dd486044b966b0ba6cd8890c4c900ccb5e7e630e03df0
ARG uid=1001
ARG appuser=defectdojo
COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/
59 changes: 26 additions & 33 deletions README.md
Expand Up @@ -11,14 +11,14 @@ vulnerability management platform.
DefectDojo allows you to manage your application security program, maintain
product and application information, triage vulnerabilities and
push findings to systems like JIRA and Slack. DefectDojo enriches and
refines vulnerability data using a number of heuristic algrothims that
refines vulnerability data using a number of heuristic algorithms that
improve with the more you use the platform.

## Demo

Try out the demo sever at [demo.defectdojo.org](https://demo.defectdojo.org)

Log in with `admin / 1Defectdojo@demo#appsec`. Please note that the demo is pubicly accessable and regularly reset. Do not put sensitive data in the demo.
Log in with `admin / 1Defectdojo@demo#appsec`. Please note that the demo is publicly accessable and regularly reset. Do not put sensitive data in the demo.

## Quick Start
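Review bot: The corrected demo sentence still reads "publicly accessable", and "demo sever" two lines above it is untouched. Fix both ("accessible", "server") in the same pass as "algorithms" and "publicly".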

Expand All @@ -39,21 +39,10 @@ Navigate to <http://localhost:8080>.

## Documentation

### [Official docs](https://defectdojo.github.io/django-DefectDojo/)

### [Getting Started](readme-docs/GETTING-STARTED.md)

### [REST APIs](readme-docs/REST-APIs.md)

### [Client APIs and Wrappers](readme-docs/CLIENT-APIs-AND_WRAPPERS.md)

### [Release and Branch Model](readme-docs/RELEASE-AND-BRANCH-MODEL.md)

### [Contributing](readme-docs/CONTRIBUTING.md)

### [Roadmap](readme-docs/ROADMAP.md)

### [Wishlist](readme-docs/WISHLIST.md)
- [Official docs](https://defectdojo.github.io/django-DefectDojo/) ([latest](https://defectdojo.github.io/django-DefectDojo/) | [dev](https://defectdojo.github.io/django-DefectDojo/dev))
- [REST APIs](https://defectdojo.github.io/django-DefectDojo/integrations/api-v2-docs/)
- [Client APIs and Wrappers](https://defectdojo.github.io/django-DefectDojo/integrations/api-v2-docs/#clients--api-wrappers)
- [Authentication options](readme-docs/AVAILABLE-PLUGINS.md)

## Supported Installation Options

Expand All @@ -71,6 +60,9 @@ Navigate to <http://localhost:8080>.
[Join the slack community](https://owasp-slack.herokuapp.com/) and discussion! Realtime discussion is done in the OWASP Slack Channel, #defectdojo.
Follow DefectDojo on [Twitter](https://twitter.com/defectdojo), [Linkedin](https://www.linkedin.com/company/defectdojo), and [YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates!

## Contributing
See our [Contributing guidelines](readme-docs/CONTRIBUTING.md)

## Commercial Support and Training
Commercial support and training is availaible through [10Security](https://10security.com).

Expand All @@ -80,24 +72,21 @@ For information please email info@10security.com or visit our [site](https://10s
## About Us

DefectDojo is maintained by:
* Greg Anderson ([@devGregA](https://github.com/devgrega) | [linkedin](https://www.linkedin.com/in/g-anderson/))
* Aaron Weaver ([@aaronweaver](https://github.com/aaronweaver)| [linkedin](https://www.linkedin.com/in/aweaver/) | [@weavera](https://twitter.com/weavera))
* Matt Tesauro ([@mtesauro](https://github.com/mtesauro) | [linkedin](https://www.linkedin.com/in/matttesauro/) | [@matt_tesauro](https://twitter.com/matt_tesauro))

* [Greg Anderson](https://www.linkedin.com/in/g-anderson/)
* [Aaron Weaver](https://www.linkedin.com/in/aweaver/) ([@weavera](https://twitter.com/weavera))
* [Matt Tesauro](https://www.linkedin.com/in/matttesauro/) ([@matt_tesauro](https://twitter.com/matt_tesauro))


## Project Moderators
Core Moderators can help you with pull requests or feedback on dev ideas:
* Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) | [sponsor](https://github.com/sponsors/valentijnscholten) | [linkedin](https://www.linkedin.com/in/valentijn-scholten/))
* Fred Blaise ([@madchap](https://github.com/madchap) | [linkedin](https://www.linkedin.com/in/fredblaise/))
* Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [linkedin](https://www.linkedin.com/in/cody-maffucci))

Project Moderators can help you with pull requests or feedback on dev ideas.

* [Alex Dracea](https://www.linkedin.com/in/alexandru-marin-dracea-910b51122/)
* [Valentijn Scholten](https://github.com/valentijnscholten) ([sponsor](https://github.com/sponsors/valentijnscholten) | [linkedin](https://www.linkedin.com/in/valentijn-scholten/))
* Jannik Jürgens
* [Fred Blaise](https://www.linkedin.com/in/fredblaise/)
* [Cody Maffucci](https://www.linkedin.com/in/cody-maffucci)
* Pascal Trovatelli / [Sopra Steria](https://www.soprasteria.com/)
* [Damien Carol](https://www.linkedin.com/in/damien-carol/)
* [Stefan Fleckenstein](https://www.linkedin.com/in/stefan-fleckenstein-6a456a30/)
Moderators can help you with pull requests or feedback on dev ideas:
* Damien Carol ([@damnielcarol](https://github.com/damiencarol) | [linkedin](https://www.linkedin.com/in/damien-carol/))
* Stefan Fleckenstein ([@StefanFl](https://github.com/stefanfl) | ([linkedin](https://www.linkedin.com/in/stefan-fleckenstein-6a456a30/))
* Jannik Jürgens ([@alles-klar](https://github.com/alles-klar))
* Pascal Trovatelli ([@ptrovatelli](https://github.com/ptrovatelli) | [Sopra Steria](https://www.soprasteria.com/))
* Alex Dracea ([linkedin](https://www.linkedin.com/in/alexandru-marin-dracea-910b51122/))


## Hall of Fame
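Review bot: Two of the new moderator entries have slips. The Damien Carol line displays the handle as `@damnielcarol` while linking to `github.com/damiencarol`, and the Stefan Fleckenstein line has an extra `(` before `[linkedin]`, which leaves the parentheses unbalanced and renders a stray character. The Aaron Weaver line is also missing the space before its first `|`.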
Expand All @@ -117,6 +106,10 @@ Project Moderators can help you with pull requests or feedback on dev ideas.
[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/WHP.png" github-user="mtesauro" alt="WeHackPurle" height="120" />](https://wehackpurple.com/)
[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/maibornwolff-logo.png" github-user="StefanFl" alt="MiabornWolff" height="120" />]((https://www.maibornwolff.de/en))

## Security

Please report Security issues via our [disclosure policy](readme-docs/SECURITY.md).

## License

DefectDojo is licensed under the [BSD Simplified license](LICENSE.md)
5 changes: 3 additions & 2 deletions components/package.json
@@ -1,6 +1,7 @@
{
"name": "defectdojo",
"version": "2.4.1",
"version": "2.5.0",
"license" : "BSD-3-Clause",
"private": true,
"dependencies": {
"JUMFlot": "jumjum123/JUMFlot#*",
Expand Down Expand Up @@ -36,7 +37,7 @@
"metismenu": "~3.0.7",
"moment": "^2.29.1",
"morris.js": "morrisjs/morris.js",
"pdfmake": "^0.2.2",
"pdfmake": "^0.2.4",
"startbootstrap-sb-admin-2": "1.0.7"
},
"engines": {
Expand Down
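Review bot: The `"license" : "BSD-3-Clause"` key added next to `version` in the first package.json hunk does not obviously match the README in this same commit, which says DefectDojo is licensed under the "BSD Simplified license"; that name normally denotes BSD-2-Clause. Check LICENSE.md and make the SPDX identifier and the README wording agree. Also drop the space before the colon to match the surrounding keys.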