Re-Enable features.md search #12120

Closed
wants to merge 5 commits into from
Conversation

paulOsinski (Contributor) commented Mar 27, 2025

This feature summary page is useful in search until we get more "Tags" documentation written, so it should not be excluded from search.

paulOsinski and others added 5 commits March 25, 2025 12:40
* rm Hugo taxonomy pages from docs: the unused 'https://docs.defectdojo.com/tags' page for example

* document permissions overhaul

* add audit log documentation

* update changelog 2.44.2

* changelog 2.44

---------

Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.0 to 6.2.3.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.2.3/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.2.3/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
DryRun Security Summary

DefectDojo Pro repository underwent multiple configuration updates with security findings related to credential handling, workflow scripts, OIDC configuration, and potential token/API security risks.

Summary: Multiple configuration and documentation updates across DefectDojo Pro repository, including GitHub workflows, changelog updates, and dependency modifications.

Security Findings:

  1. Sensitive Credential Handling in PR Reminder Script
    • Hardcoded mapping of GitHub usernames to Slack email addresses
    • Uses environment variables for GitHub and Slack tokens
    • Potential information exposure through detailed error logging
  2. CODEOWNERS File Security Implications
    • Reveals internal GitHub usernames and team structure
    • Potential information disclosure about project's organizational hierarchy
    • Usernames might enable social engineering or targeted attacks
  3. Slack PR Reminder Workflow Security Considerations
    • Uses two secret tokens: GitHub and Slack authentication tokens
    • Explicitly checks out only master branch to reduce secret leak possibilities
  4. OIDC Configuration Expansion (Changelog)
    • Potential need for careful validation of OIDC authentication settings
    • New permission assignment method requires thorough access control review
  5. Potential Token and API Security Risks in PR Reminder Script
    • No explicit access control checks
    • Relies on GitHub and Slack token permissions
    • Comprehensive error handling that might leak sensitive information
