Merge branch 'dev' into fix--helm-chart

Author: fernandezcuesta

.github/workflows/close-stale.yml

@@ -15,13 +15,24 @@ jobs:
   close-stale:
     runs-on: ubuntu-latest
     steps:
+      - name: Close issues and PRs that are pending closure
+        uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+        with:
+          # Disable automatic stale marking - only close manually labeled items
+          days-before-stale: -1
+          days-before-close: 7
+          stale-issue-label: 'pending-closure'
+          stale-pr-label: 'pending-closure'
+          close-issue-message: 'This issue has been automatically closed because it was manually labeled as stale. If you believe this was closed in error, please reopen it and remove the stale label.'
+          close-pr-message: 'This PR has been automatically closed because it was manually labeled as stale. If you believe this was closed in error, please reopen it and remove the stale label.'
+
       - name: Close stale issues and PRs
-        uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
+        uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
         with:
           # Disable automatic stale marking - only close manually labeled items
           days-before-stale: -1
           days-before-close: 7
           stale-issue-label: 'stale'
           stale-pr-label: 'stale'
-          close-issue-message: 'This issue has been automatically closed because it was manually labeled as stale. If you believe this was closed in error, please reopen it and remove the stale label.'
-          close-pr-message: 'This PR has been automatically closed because it was manually labeled as stale. If you believe this was closed in error, please reopen it and remove the stale label.'
+          close-issue-message: 'This issue has been automatically closed because it was labeled as stale. If you believe this was closed in error, please reopen it and remove the stale label.'
+          close-pr-message: 'This PR has been automatically closed because it was labeled as stale. If you believe this was closed in error, please reopen it and remove the stale label.'

.github/workflows/integration-tests.yml

@@ -2,12 +2,18 @@ name: Integration tests
 
 on:
   workflow_call:
+    inputs:
+        auditlog_type:
+          type: string
+          default: "django-auditlog"
 
 jobs:
   integration_tests:
     # run tests with docker compose
     name: User Interface Tests
     runs-on: ubuntu-latest
+    env:
+      AUDITLOG_TYPE: ${{ inputs.auditlog_type }}
     strategy:
       matrix:
         test-case: [

.github/workflows/release-x-manual-helm-chart.yml

@@ -87,7 +87,7 @@ jobs:
           echo "chart_version=$(ls build | cut -d '-' -f 2,3 | sed 's|\.tgz||')" >> $GITHUB_ENV
 
       - name: Create release ${{ inputs.release_number }}
-        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
+        uses: softprops/action-gh-release@62c96d0c4e8a889135c1f3a25910db8dbe0e85f7 # v2.3.4
         with:
           name: '${{ inputs.release_number }} 🌈'
           tag_name: ${{ inputs.release_number }}

.github/workflows/rest-framework-tests.yml

@@ -6,11 +6,16 @@ on:
         platform:
           type: string
           default: "linux/amd64"
+        auditlog_type:
+          type: string
+          default: "django-auditlog"
 
 jobs:
   unit_tests:
     name: Rest Framework Unit Tests
     runs-on: ${{ inputs.platform ==  'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    env:
+      AUDITLOG_TYPE: ${{ inputs.auditlog_type }}
 
     strategy:
       matrix:

.github/workflows/unit-tests.yml

@@ -25,18 +25,26 @@ jobs:
     strategy:
         matrix:
             platform: ['linux/amd64', 'linux/arm64']
+            auditlog_type: ['django-auditlog', 'django-pghistory']
         fail-fast: false
     needs: build-docker-containers
     uses: ./.github/workflows/rest-framework-tests.yml
     secrets: inherit
     with:
       platform: ${{ matrix.platform}}
+      auditlog_type: ${{ matrix.auditlog_type }}
 
   # only run integration tests for linux/amd64 (default)
   test-user-interface:
     needs: build-docker-containers
     uses: ./.github/workflows/integration-tests.yml
     secrets: inherit
+    strategy:
+      matrix:
+        auditlog_type: ['django-auditlog', 'django-pghistory']
+      fail-fast: false
+    with:
+      auditlog_type: ${{ matrix.auditlog_type }}
 
   # only run k8s tests for linux/amd64 (default)
   test-k8s:

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.51.0-dev",
+  "version": "2.52.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docker-compose.yml

@@ -129,7 +129,7 @@ services:
       - defectdojo_postgres:/var/lib/postgresql/data
   redis:
     # Pinning to this version due to licensing constraints
-    image: redis:7.2.10-alpine@sha256:395ccd7ee4db0867de0d0410f4712a9e0331cff9fdbd864f71ec0f7982d3ffe6
+    image: redis:7.2.11-alpine@sha256:7632e82373929f39cdbead93f2e45d8b3cd295072c4755e00e7e6b19d56cc512
     volumes:
       - defectdojo_redis:/data
 volumes:

docker/entrypoint-initializer.sh

@@ -110,6 +110,8 @@ python3 manage.py makemigrations --no-input --check --dry-run --verbosity 3 || {
     cat <<-EOF
 
 ********************************************************************************
+WARNING: Missing Database Migrations Detected
+********************************************************************************
 
 You made changes to the models without creating a DB migration for them.
 
@@ -119,15 +121,25 @@ If you're not familiar with migrations in Django, please read the
 great documentation thoroughly:
 https://docs.djangoproject.com/en/5.0/topics/migrations/
 
+This is now a WARNING and the container will continue to start.
+However, you should create the necessary migrations as soon as possible using:
+docker compose exec uwsgi bash -c 'python manage.py makemigrations -v2'
+
 ********************************************************************************
 
 EOF
-    exit 1
+    echo "WARNING: Continuing startup despite missing migrations..."
 }
 
 echo "Migrating"
 python3 manage.py migrate
 
+echo "Configuring pghistory triggers based on audit settings"
+cat <<EOD | python3 manage.py shell
+from dojo.auditlog import configure_pghistory_triggers
+configure_pghistory_triggers()
+EOD
+
 echo "Admin user: ${DD_ADMIN_USER}"
 ADMIN_EXISTS=$(echo "SELECT * from auth_user;" | python manage.py dbshell | grep "${DD_ADMIN_USER}" || true)
 # Abort if the admin user already exists, instead of giving a new fake password that won't work

docs/content/en/changelog/changelog.md

@@ -10,6 +10,11 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## Sept 2025: v2.50
 
+### Sept 22, 2025: v2.50.4
+
+* **(Pro UI)** Changes Engagement Deduplication form label and help text
+* **(Pro UI)** Adds toggle for MCP (for superusers only)
+
 ### Sept 15, 2025: v2.50.3
 
 * **(Pro UI)** Added support for [CVSSv4.0](https://www.first.org/cvss/v4-0/) vector strings.

docs/content/en/connecting_your_tools/parsers/file/github_secrets_detection_report.md

@@ -0,0 +1,9 @@
+---
+title: "Github Secrets Detection Report"
+toc_hide: true
+---
+Import findings in JSON format from Github Secret Scanning REST API:
+<https://docs.github.com/en/rest/secret-scanning/secret-scanning>
+
+### Sample Scan Data
+Sample Github SAST scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/github_secrets_detection_report_many_vul.json).