Release 2.55.0: Merge Bugfix into Dev

docs/assets/js/custom.js

@@ -1 +1,60 @@
-// Put your custom JS code here
+// custom js
+
+
+// version toggler
+(() => {
+    "use strict";
+
+    console.log("[VersionToggle] custom.js loaded");
+
+    const setVersion = (version) => {
+        console.log("[VersionToggle] Setting version to:", version);
+
+        document.querySelectorAll(".version-opensource, .version-pro").forEach(el => {
+            el.style.display = el.classList.contains(`version-${version}`) ? "" : "none";
+        });
+
+        localStorage.setItem("version", version);
+        console.log("[VersionToggle] localStorage updated:", localStorage.getItem("version"));
+
+        // Update dropdown
+        const selects = document.querySelectorAll("#version-select");
+        selects.forEach(sel => {
+            sel.value = version;
+            sel.dataset.version = version;
+            sel.style.visibility = "visible";
+        });
+
+        // unhide sidebar after version is applied
+        const sidebar = document.querySelector(".docs-sidebar");
+        if (sidebar) {
+            sidebar.style.visibility = "visible";
+            console.log("[VersionToggle] Sidebar revealed");
+        }
+    };
+
+    const initVersionToggle = () => {
+        const storedVersion = localStorage.getItem("version") || "opensource";
+        console.log("[VersionToggle] Stored version:", storedVersion);
+        setVersion(storedVersion);
+    };
+
+    // Delegated listener on body
+    document.body.addEventListener("change", (e) => {
+        if (e.target && e.target.id === "version-select") {
+            console.log("[VersionToggle] Dropdown changed to:", e.target.value);
+            setVersion(e.target.value);
+        }
+    });
+
+    // Run on DOM ready
+    window.addEventListener("DOMContentLoaded", initVersionToggle);
+
+    // MutationObserver to detect dynamically replaced sidebar
+    const observer = new MutationObserver(() => {
+        // Re-run init to make sure menus match stored version
+        initVersionToggle();
+    });
+    observer.observe(document.body, { childList: true, subtree: true });
+
+})();

docs/assets/scss/common/_custom.scss

@@ -43,4 +43,38 @@
   .DocSearch-Modal {
     position: fixed !important;
   }
+}
+
+.logo-darkmode {
+  display: none;
+}
+
+[data-bs-theme="dark"] .logo-lightmode {
+  display: none;
+}
+
+[data-bs-theme="dark"] .logo-darkmode {
+  display: inline-block;
+}
+
+html {
+  font-size: 85%; /* scales all rem/em fonts */
+}
+
+/* Hide sidebar until version is resolved */
+.docs-sidebar {
+  visibility: hidden;
+}
+
+
+#version-select[data-version="opensource"] {
+  background-color: #003964b7;
+  border: 2px solid #003864;
+  color: white;
+}
+
+#version-select[data-version="pro"] {
+  background-color: #a84e32b7;
+  border: 2px solid #a84e32;
+  color: white;
 }

docs/config/_default/menus/menus.en.toml

@@ -1,28 +1,48 @@
 [[main]]
-  name = "Docs Home"
-  url = "/en/about_defectdojo/about_docs/"
+  name = "Get started ⏷"
+  url = "/get_started/about/about_defectdojo"
   weight = 10
 
 [[main]]
-  name = "Supported Tools"
-  url = "/supported_tools/"
-  weight = 11
+  name = "Import data ⏷"
+  url = "/import_data/import_intro/comparison/"
+  weight = 12
 
 [[main]]
-  name = "Pro Features"
-  url = "/en/about_defectdojo/pro_features"
+  name = "Triage Findings ⏷"
+  url = "/triage_findings/findings_workflows/intro_to_findings/"
   weight = 12
 
 [[main]]
-  name = "Changelog"
-  url = "/en/changelog/changelog/"
+  name = "Model your assets ⏷"
+  url = "/asset_modelling/hierarchy/pro__assets_organizations/"
   weight = 13
 
 [[main]]
-  name = "Support"
-  url = "/en/about_defectdojo/contact_defectdojo_support"
+  name = "Metrics & reports ⏷"
+  url = "/metrics_reports/dashboards/introduction_dashboard/"
   weight = 14
 
+[[main]]
+  name = "Admin ⏷"
+  url = "/admin/admin_intro/intro/"
+  weight = 16
+
+[[main]]
+  name = "Issue tracking ⏷"
+  url = "/issue_tracking/intro/intro/"
+  weight = 15
+
+[[main]]
+  name = "Automation ⏷"
+  url = "/automation/api/api-v2-docs/"
+  weight = 15
+
+[[main]]
+  name = "Supported tools ⏷"
+  url = "/supported_tools/"
+  weight = 16
+
 [[social]]
   name = "YouTube"
   pre = '<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-youtube" viewBox="0 0 16 16"><path d="M8.051 1.999h.089c.822.003 4.987.033 6.11.335a2.01 2.01 0 0 1 1.415 1.42c.101.38.172.883.22 1.402l.01.104.022.26.008.104c.065.914.073 1.77.074 1.957v.075c-.001.194-.01 1.108-.082 2.06l-.008.105-.009.104c-.05.572-.124 1.14-.235 1.558a2.01 2.01 0 0 1-1.415 1.42c-1.16.312-5.569.334-6.18.335h-.142c-.309 0-1.587-.006-2.927-.052l-.17-.006-.087-.004-.171-.007-.171-.007c-1.11-.049-2.167-.128-2.654-.26a2.01 2.01 0 0 1-1.415-1.419c-.111-.417-.185-.986-.235-1.558L.09 9.82l-.008-.104A31 31 0 0 1 0 7.68v-.123c.002-.215.01-.958.064-1.778l.007-.103.003-.052.008-.104.022-.26.01-.104c.048-.519.119-1.023.22-1.402a2.01 2.01 0 0 1 1.415-1.42c.487-.13 1.544-.21 2.654-.26l.17-.007.172-.006.086-.003.171-.007A100 100 0 0 1 7.858 2zM6.4 5.209v4.818l4.157-2.408z"/></svg>'

docs/config/_default/params.toml

@@ -44,9 +44,21 @@ mainSections = ["docs"]
   bootstrapJavascript = false # false (default) or true
 
   # Nav
-  sectionNav = ["docs", "en", "supported_tools"] # ["docs"] (default) or list of sections (e.g. ["docs", "guides"])
+  sectionNav = [
+    "docs",
+    "en",
+    "supported_tools",
+    "get_started",
+    "import_data",
+    "triage_findings",
+    "metrics_reports",
+    "admin",
+    "automation",
+    "asset_modelling",
+    "issue_tracking"] # ["docs"] (default) or list of sections (e.g. ["docs", "guides"])
+
   toTopButton = false # false (default) or true
-  breadcrumbTrail = true # false (default) or true
+  breadcrumbTrail = false # false (default) or true
   headlineHash = true # true (default) or false
   scrollSpy = true # true (default) or false
 

docs/content/admin/admin_intro/_index.md

@@ -0,0 +1,16 @@
+---
+title: "Intro"
+description: ""
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 3
+chapter: true
+seo:
+  title: "" # custom title (optional)
+  description: "" # custom description (recommended)
+  canonical: "" # custom canonical URL (optional)
+  robots: "" # custom robot tags (optional)
+exclude_search: true
+---

docs/content/admin/admin_intro/intro.md

@@ -0,0 +1,9 @@
+---
+title: "DefectDojo Admin Controls"
+description: "Administrative controls for configuring, securing, and maintaining your DefectDojo instance."
+weight: 0
+---
+
+Admin actions in DefectDojo provide the controls needed to configure and maintain the platform across your organization. These actions are designed for administrators who are responsible for user management, system configuration, and ensuring DefectDojo operates securely and reliably at scale.
+
+Administrative actions allow you to manage core aspects of DefectDojo, including authentication methods, user access, global settings, and integrations. From initial setup to ongoing maintenance, these controls define how DefectDojo behaves and how users interact with it.

docs/content/en/customize_dojo/notifications/_index.md → docs/content/admin/notifications/_index.md

@@ -6,8 +6,6 @@ lastmod: 2023-09-07T16:06:50+02:00
 draft: false
 weight: 7
 chapter: true
-sidebar:
-  collapsed: true
 seo:
   title: "" # custom title (optional)
   description: "" # custom description (recommended)

docs/content/en/customize_dojo/notifications/about_notifications.md → docs/content/admin/notifications/about_notifications.md

@@ -74,4 +74,4 @@ For more information about this behavior see the [related pull request #9699](ht
 
 ### Webhooks (experimental)
 
-DefectDojo also supports webhooks that follow the same events as other notifications (you can be notified in the same situations). Details about setup are described in [related page](/en/open_source/notification_webhooks/how_to).
+DefectDojo also supports webhooks that follow the same events as other notifications (you can be notified in the same situations). Details about setup are described in [related page](/open_source/notification_webhooks/how_to).

docs/content/en/customize_dojo/user_management/_index.md → docs/content/admin/user_management/_index.md

@@ -7,8 +7,6 @@ lastmod: 2023-09-07T16:06:50+02:00
 draft: false
 weight: 5
 chapter: true
-sidebar:
-  collapsed: true
 seo:
   title: "" # custom title (optional)
   description: "" # custom description (recommended)

docs/content/en/customize_dojo/user_management/configure_sso.md → docs/content/admin/user_management/configure_sso.md

@@ -16,7 +16,7 @@ Users can connect to DefectDojo with a Username and Password, but if you prefer,
 
 All of these methods can only be configured by a Superuser in DefectDojo.  DefectDojo Pro users can quickly set up SSO through their system settings, while Open Source users will need to configure these settings on the back-end by setting an environment variable within Docker.  This article covers both methods of configuration.
 
-**NOTE: DefectDojo Pro users will all need to add the IP addresses of SAML or SSO services to their Firewall whitelist.  See [Firewall Rules](/en/cloud_management/using-cloud-manager/#changing-your-firewall-settings) for more information.**
+**NOTE: DefectDojo Pro users will all need to add the IP addresses of SAML or SSO services to their Firewall whitelist.  See [Firewall Rules](/get_started/pro/cloud/using-cloud-manager/#changing-your-firewall-settings) for more information.**
 
 ## Disable username / password use
 You may wish to disable traditional username/password login on your instance.
@@ -70,7 +70,7 @@ Both <span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span>
 
 ### Open-Source
 
-Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](/en/open_source/installation/configuration/)).
+Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](/get_started/open_source/configuration/)).
 
 1. Fill out the variables as follows:
     {{< highlight python >}}
@@ -143,7 +143,7 @@ When a user is removed from a given group in Azure AD, they will also be removed
 
 ### Open-Source
 
-Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)).
 
 1.  Set the following environment variables
 
@@ -215,7 +215,7 @@ Both <span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span>
 
 ### Open-Source
 
-Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)).
 
 1.  Set the following environment variables
     {{< highlight python >}}
@@ -261,7 +261,7 @@ Follow along below.
 
 ### Open-Source
 
-Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)).
 
 1.  Set the following environment variables
     {{< highlight python >}}
@@ -323,7 +323,7 @@ In order to use Google Authentication, a Google Authentication Server will need
 
 ### Open-Source
 
-Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)).
 
 1.  Set the following environment variables
 
@@ -407,7 +407,7 @@ This guide assumes you already have a KeyCloak Realm set up.  If not, you will n
 ### Open-Source
 
 
-Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)).
 
 1.  Set the following environment variables
 
@@ -495,7 +495,7 @@ Both <span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span>
 
 ### Open-Source
 
-Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)).
 
 1.  Set the following environment variables
 
@@ -621,7 +621,7 @@ The left side of the ‘=’ sign represents the attribute you want to map from
 ### Open-Source SAML
 
 1.  Navigate to your SAML IdP and find your metadata.
-2.  Set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+2.  Set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)).
 
     {{< highlight python >}}
     DD_SAML2_ENABLED=(bool, **True**),

docs/content/admin/user_management/pro_permissions_overhaul.md

@@ -0,0 +1,52 @@
+---
+title: "Set Permissions in Pro"
+description: "Overhaul, pro feature"
+weight: 3
+audience: pro
+---
+
+## Introduction to Permission Types
+
+Individual users have four different kinds of permission that they can be assigned:
+
+* Users can be assigned as **Members to Products or Product Types**. This allows them to view and interact with Data Types (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on the role they are assigned on the specific Product. Users can have multiple Product or Product Type memberships, with different levels of access.  
+​
+* Users can also have **Configuration Permissions** assigned, which allow them to access configuration pages in DefectDojo. Configuration Permissions are not related to Products or Product Types.  
+​
+* Users can be assigned **Global Roles**, which give them a standardized level of access to all Products and Product Types.  
+​
+* Users can be set up as **Superusers**: administrator level roles which give them control and access to all DefectDojo data and configuration.
+
+You can also create Groups if you want to assign Product Membership, Configuration Permissions or Global Roles to a group of users at the same time. If you have a large number of users in DefectDojo, such as a dedicated testing team for a particular Product, Groups may be a more helpful feature. 
+
+## Superusers \& Global Roles
+
+Part of your Role\-Based Access Control (RBAC) configuration may require you to create additional Superusers, or users with Global Roles.
+
+* Superusers (Admins) have no limitations in the system. They can change all settings, manage users and have read / write access to all data. They can also change access rules for all users in DefectDojo. Superusers will also receive notifications for all system issues and alerts.
+* Users with Global Roles can view and interact with any Data Type (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on their assigned Role. For more information about each Role and associated privileges, please refer to our Introduction to Roles article.
+* Users can also have specific Configuration Permissions assigned, allowing them to access certain DefectDojo configuration pages. Users have no Configuration Permissions by default.
+
+By default, the first account created on a new DefectDojo instance will have Superuser permissions. That user will be able to edit permissions for all subsequent DefectDojo users. Only an existing Superuser can add another superuser, or add a Global Role to a user.
+
+Permissions in <span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span> have been simplified, to make it easier to assign object access.  This feature can be accessed through the [Pro UI](/get_started/about/ui_pro_vs_os/).
+
+### Opening the Permissions window 
+
+![image](images/pro_permissions.png)
+
+When looking at Product Type or Product, you can open the Permissions window to set permissions quickly.  This menu can be found in a Table by clicking the horizontal dots **"⋮"**.  IF looking at an individual **Product** or **Product Type** page, this menu can be found under the blue gear ‘⚙️’.
+
+## Setting Permissions through the permissions window
+
+![image](images/pro_permissions_2.png)
+
+1. At the top of this window, you can choose to manage permissions for an individual user or for a [user group](../create_user_group).
+2. Here, you can select a user or group to add to the Product, and select  the [Role](../about_perms_and_roles) that you want that user to have.
+3. On the lower table, you can see a list of all users or groups who have access to this object.  You can also quickly assign a new role for one of these users or groups from the drop-down menu.
+
+## Setting Configuration Permissions through the User view
+
+A user's configuration permissions can now be set in a more user-friendly approach. From the Users View, all configuration permissions are displayed in a dropdown, then grouped by the permission type. If the selection of configuration permissions is different from their current value, an “Update Configuration Permissions” button is displayed. When clicked, the user will be asked to confirm they would like to update the permissions for the selected group before an update is made.
+
+![image](images/pro_user_view.png)

docs/content/en/customize_dojo/user_management/set_user_permissions.md → docs/content/admin/user_management/set_user_permissions.md

@@ -2,6 +2,7 @@
 title: "Set a User's permissions"
 description: "How to grant Roles & Permissions to a user, as well as superuser status"
 weight: 2
+audience: opensource
 ---
 
 ## Introduction to Permission Types
@@ -42,7 +43,7 @@ By default, the first account created on a new DefectDojo instance will have Sup
 
 4. From the Edit User page:   
 ​  
-For Superuser Status, check off the ☑️Superuser Status box, located in the user's Default Information.  
+For Superuser Status, check off the ☑️ Superuser Status box, located in the user's Default Information.  
 ​  
 To assign a Global Role, select one from the dropdown Global Role menu at the bottom of the page.  
 ​
@@ -118,7 +119,7 @@ Configuration Permissions are not related to a specific Product or Product Type
 * **Finding Templates:** Access to the Findings \> Finding Templates page
 * **Groups**: Access the 👤Users \> Groups page
 * **Jira Instances:** Access the ⚙️Configuration \> JIRA page
-* **Language Types**:Access the [Language Types](/en/open_source/languages/) API endpoint
+* **Language Types**:Access the [Language Types](/open_source/languages/) API endpoint
 * **Login Banner**: Edit the ⚙️Configuration \> Login Banner page
 * **Announcements**: Access ⚙️Configuration \> Announcements
 * **Note Types:** Access the ⚙️Configuration \> Note Types page