
Docs Updates: Feb #11791

Open: wants to merge 15 commits into base: master

Conversation

paulOsinski
Contributor

@paulOsinski paulOsinski commented Feb 10, 2025

  • Retitle articles to specify OS context
  • Remove index pages and other irrelevant articles from search
  • Add more notes on Windows CLI tool installation
  • Add docs on Universal Parser (upcoming Pro feature)
  • Add back defectdojo.com/pricing links
  • Add an SCSS override to fix the 'static width central column' issue and accommodate wider screens

[sc-8970]
[sc-9508]
[sc-10106]
[sc-10136]

@github-actions github-actions bot added the docs label Feb 10, 2025

dryrunsecurity bot commented Feb 10, 2025

DryRun Security Summary

Documentation updates include adding 'exclude_search: true' to front matter metadata, security-related changes to hyperlinks and contact information, and addressing configuration risks related to environment variables and API tokens across multiple files.


The pull request introduces multiple documentation configuration updates across several files, primarily adding exclude_search: true to front matter metadata. In the "about_defectdojo/request_a_trial.md" file, a security-sensitive hyperlink was added, and potential information exposure was identified through email contact points and trial signup process details. The "connecting_your_tools/external_tools.md" file contains security considerations around environment variable configuration, with risks related to API token exposure and potential configuration inconsistencies.

Security Findings:

  1. Email Contact Exposure: Multiple public email addresses ([email protected], [email protected]) potentially vulnerable to social engineering
  2. Environment Variable Risks: Potential security concerns with API token configuration in Windows environments
  3. Potential Information Disclosure: URLs revealing internal directory structures and system details
  4. Sensitive Configuration Handling: Risks in setting environment variables and API token management
  5. Hyperlink Security: Added links using HTTPS to DefectDojo-owned domains

Code Analysis

We ran 9 analyzers against 27 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Configured Codepaths Analyzer, 2 findings

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.

@paulOsinski paulOsinski changed the title Docs Updates: remove irrelevant pages from search Docs Updates: Feb Feb 12, 2025
@github-actions github-actions bot added the ui label Feb 12, 2025
Contributor

@mtesauro mtesauro left a comment


Approved


4 participants