FallenAtticus
diff --git a/‎.github/ISSUE_TEMPLATE/bug_report.md‎
Lines changed: 1 addition & 1 deletion b/‎.github/ISSUE_TEMPLATE/bug_report.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.travis.yml‎
Lines changed: 1 addition & 2 deletions b/‎.travis.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎BRANCHING-MODEL.md‎
Lines changed: 8 additions & 12 deletions b/‎BRANCHING-MODEL.md‎
Lines changed: 8 additions & 12 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 2 additions & 0 deletions b/‎CONTRIBUTING.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎DOCKER.md‎
Lines changed: 11 additions & 2 deletions b/‎DOCKER.md‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎Dockerfile.django‎
Lines changed: 5 additions & 5 deletions b/‎Dockerfile.django‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎Dockerfile.integration-tests‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile.integration-tests‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Dockerfile.nginx‎
Lines changed: 6 additions & 6 deletions b/‎Dockerfile.nginx‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎MAINTAINERS.md‎
Lines changed: 25 additions & 10 deletions b/‎MAINTAINERS.md‎
Lines changed: 25 additions & 10 deletions
diff --git a/‎PULL_REQUEST_TEMPLATE.md‎
Lines changed: 7 additions & 5 deletions b/‎PULL_REQUEST_TEMPLATE.md‎
Lines changed: 7 additions & 5 deletions
@@ -27,7 +27,7 @@ A clear and concise description of what you expected to happen.
 
 **Environment information**
  - Operating System: [e.g. Ubuntu 18.04]
- - DefectDojo Commit Message: [use `git show -s --format="%h: %s [%ci]"`]
+ - DefectDojo Commit Message: [use `git show -s --format="[%ci] %h: %s [%d]"`]
 
 **Sample scan files** (optional)
 If applicable, add sample scan files to help reproduce your problem.
 
@@ -10,8 +10,7 @@ env:
     - CHANGE_MINIKUBE_NONE_USER=true
   matrix:
     - TEST=flake8
-    - TEST=integration_tests
-    - TEST=docker
+    - TEST=docker_integration_tests
     - BROKER=rabbitmq DATABASE=mysql
     - BROKER=rabbitmq DATABASE=postgresql
     - BROKER=redis DATABASE=mysql
 
@@ -3,24 +3,20 @@ This section describes
 - how branches are handled
 - defectdojo release cycle
 
-Please be careful to submit your pull requests to the correct branch: 
-- bugfix: latest release branch
-- evolutions: dev branch
-
-If in doubt please use dev branch.
-
 # Release and hotfix model
 ![Schemas](doc/branching_model.png)
 ## Releasing
-- Start an x.y.0 release branch off dev branch
-- Commit only bug fixes onto this branch (and merge those fixes back to dev)
+- Start a release/x.y.0 release branch off dev branch
+- Commit only bug fixes from `dev` branch onto this branch
 - Dev branch keeps living with further evolutions
-- Every 4-8 weeks, merge the release branch to master and tag: this is when the new release is out: x.(y+1).z
+- Every 4-8 weeks, merge the release branch to master and tag x.y.0: this is when the new release is out: x.(y+1).0
 
 # Issuing a hotfix
-- In case of major issue found after releasing, issue a hotfix branch (first is x.y.1) which is merged to master, dev, and the next release branch
+- In case of major issue found after releasing, and fixed in `dev`:
+  - Issue a hotfix branch (first is x.y.1) holding this fix
+  - Merge to `master` and the next release branch
 
 
-(Schemes created with https://www.planttext.com/)
+Diagrams created with https://www.planttext.com
 
-(This model is inspired by https://nvie.com/posts/a-successful-git-branching-model/ but without feature branches.)
+This model is close to gitflow https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow, https://nvie.com/posts/a-successful-git-branching-model/ with the feature branch being made in each contributor repository.
@@ -60,3 +60,5 @@ DefectDojo.
 [setup_bash]: /setup.bash "Bash setup script"
 [pep8]: https://www.python.org/dev/peps/pep-0008/ "PEP8"
 [flake8 built-in commit hooks]: https://flake8.pycqa.org/en/latest/user/using-hooks.html#built-in-hook-integration
+
+   
@@ -10,8 +10,7 @@ It is one of the supported [Default installation](setup/README.md) methods.
 *  Proxies
     *  If you're behind a corporate proxy check https://docs.docker.com/network/proxy/ . 
 *  Known issues
-    * finding images do not work with docker-compose yet. Making them work in release mode requires additional configuration, some of which will arrive in 1.7.0
-
+    * finding images only work in `dev` and `ptvsd` mode. Making them work in `release` mode requires modifications to the docker-compose configuration.
 
 # Setup via Docker Compose - introduction
 
@@ -71,6 +70,7 @@ For development, use:
 ```zsh
 cp dojo/settings/settings.dist.py dojo/settings/settings.py
 docker/setEnv.sh dev
+docker-compose build
 docker-compose up
 ```
 
@@ -155,6 +155,15 @@ docker-compose logs initializer | grep "Admin password:"
 
 Make sure you write down the first password generated as you'll need it when re-starting the application.
 
+# Option to change the password 
+* If you dont have admin password use the below command to change the password. 
+* After starting the container and open another tab in the same folder.  
+* django-defectdojo_uwsgi_1 -- name obtained from running containers using ```zsh docker ps ``` command
+
+```zsh
+docker exec -it django-defectdojo_uwsgi_1 ./manage.py changepassword admin
+```
+
 # Exploitation, versioning
 ## Disable the database initialization
 The initializer container can be disabled by exporting: `export DD_INITIALIZE=false`. 
 
@@ -4,16 +4,16 @@
 # The code for the build image should be idendical with the code in
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
-# Using 3.5.7 to avoid compatibility issues that may be introduced by python 3.6 and 3.7.
-# Please upgrade before end-of-life in september 2020!
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.5.9-buster@sha256:1baef6be00b82fbd77f1b60ab227a1dbede6f23825ce1b7f1e9c6f7d1469a45c as build
+FROM python:3.6.11-slim-buster@sha256:9111ff37d96bdcd84bcac261951ac410ee276144eb8a02f06e5907ff4ff2ffea as build
 WORKDIR /app
 RUN \
   apt-get -y update && \
   apt-get -y install \
+    build-essential \
     dnsutils \
     default-mysql-client \
+    libmariadb-dev-compat \
     postgresql-client \
     xmlsec1 \
     git \
@@ -24,7 +24,7 @@ RUN \
 COPY requirements.txt ./
 RUN pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt
 
-FROM python:3.5.9-slim-buster@sha256:dfb042910e4ef352b5c6aa223031ce768f53f4f1aacf95936152e5508162bcb0
+FROM python:3.6.11-slim-buster@sha256:9111ff37d96bdcd84bcac261951ac410ee276144eb8a02f06e5907ff4ff2ffea
 WORKDIR /app
 RUN \
   apt-get -y update && \
@@ -72,7 +72,7 @@ RUN \
   cp dojo/settings/settings.dist.py dojo/settings/settings.py
 COPY tests/ ./tests/
 RUN \
-  mkdir dojo/migrations && \
+  mkdir -p dojo/migrations && \
   chmod g=u dojo/migrations && \
   chmod g=u /var/run && \
   true
 
@@ -1,7 +1,7 @@
 
 # code: language=Dockerfile
 
-FROM python:3.5.9-slim-buster@sha256:8068eec6231ae9b097b296068ba4ed0da08eff5f8a4b44c585d25afaea9e8b33 as build
+FROM python:3.6.11-slim-buster@sha256:9111ff37d96bdcd84bcac261951ac410ee276144eb8a02f06e5907ff4ff2ffea as build
 WORKDIR /app
 RUN \
   apt-get -y update && \
 
@@ -3,13 +3,15 @@
 # The code for the build image should be idendical with the code in
 # Dockerfile.django to use the caching mechanism of Docker.
 
-FROM python:3.5.9-buster@sha256:1baef6be00b82fbd77f1b60ab227a1dbede6f23825ce1b7f1e9c6f7d1469a45c as build
+FROM python:3.6.11-slim-buster@sha256:9111ff37d96bdcd84bcac261951ac410ee276144eb8a02f06e5907ff4ff2ffea as build
 WORKDIR /app
 RUN \
   apt-get -y update && \
   apt-get -y install \
+    build-essential \
     dnsutils \
     default-mysql-client \
+    libmariadb-dev-compat \
     postgresql-client \
     xmlsec1 \
     git \
@@ -29,7 +31,7 @@ ENV \
   node="nodejs"
 RUN \
   apt-get -y update && \
-  apt-get -y install apt-transport-https ca-certificates && \
+  apt-get -y install apt-transport-https ca-certificates curl wget && \
   curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add --no-tty - && \
   curl -sL https://deb.nodesource.com/setup_12.x | bash - && \
   curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
@@ -62,14 +64,12 @@ RUN \
   python3 manage.py collectstatic --noinput && \
   true
 
-FROM nginx:1.17.9@sha256:7ac7819e1523911399b798309025935a9968b277d86d50e5255465d6592c0266
+FROM nginx:1.19.1-alpine@sha256:966f134cf5ddeb12a56ede0f40fff754c0c0a749182295125f01a83957391d84
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/
 COPY wsgi_params nginx/nginx.conf nginx/nginx_TLS.conf /etc/nginx/
 COPY docker/entrypoint-nginx.sh /
 RUN \
-  apt-get -y update && \
-  apt-get -y install openssl && \
-  apt-get clean && \
+  apk add --no-cache openssl && \
   chmod -R g=u /var/cache/nginx && \
   chmod -R g=u /var/run && \
   mkdir -p /etc/nginx/ssl && \
 
@@ -1,21 +1,36 @@
-## Maintainer Responsibilities
+## Maintainer responsibilities
 
-* Maintainers regularly attend quarterly project meetings.
+* Maintainers regularly attend monthly project meetings on the first Tuesday, and maintainers "office hours" on the third Tuesday of every month.
+* Participate in the #defectdojo and #defectdojo-dev channels regularly.
+* Reviews pull requests.
 * Volunteer for and willingly accept assignments and complete them thoroughly and on time.
 * Stay informed about project matters.
 * Prepare themselves well for meetings.
 * Build a collegial working relationship that contributes to consensus.
-* Is an active participant in the project’s annual evaluating and planning efforts.
-* Reviews pull requests within two weeks if requested.
-
-## Becoming a Maintainer
 
+## Becoming a maintainer
 New maintainers are selected by consensus from the current group of maintainers on an invite-only basis.
 
-## Current Maintainers
+## Stop being a maintainer
+Maintainership is not a necesarily a lifetime subscription. Maintainers can withdraw at any time.
+
+Furthermore, maintainers that have not had any activities (commits, PR, PR reviews, no meeting attendance) in:
+- 3 months: Current maintainers will attempt a contact.
+- 6 months: If no sign of life, will be automatically removed from maintainers groups.
 
-Greg Anderson
+## Current maintainers
+### OWASP Project Leaders:
+* Greg Anderson (@devGregA)
+* Aaron Weaver (@aaronweaver)
+* Matt Tesauro (@mtesauro)
 
-Aaron Weaver
+### Core Maintainers
+* Valentijn Scholten (@valentijnscholten)
+* Fred Blaise (@madchap)
+* Cody Maffucci (@Maffooch)
 
-Matt Tesauro
+### Maintainers
+* Anthony Pipia (@apipia)
+* Saurabh (@dr3dd589)
+* Jannik Jürgens (@alles-klar)
+* Pascal Trovatelli (@ptrovatelli)
@@ -1,28 +1,30 @@
 This template is for your information. Please clear everything when submitting your pull request.
 
-**Note: DefectDojo is now on Python3.5 and Django 2.2.x Please submit your pull requests to the 'dev' branch as the 'legacy-python2.7' branch is only for bug fixes. Any new features submitted to the legacy branch will be ignored and closed.**
+**Note: DefectDojo is now on Python3.6 and Django 2.2.x. Please submit your pull requests to the 'dev' branch as the 'legacy-python2.7' branch is only for bug fixes. Any new features submitted to the legacy branch will be ignored and closed.**
 
 When submitting a pull request, please make sure you have completed the following checklist:
 
+- [ ] Give a meaninful name to your PR, as it may end up being used in the release notes.
 - [ ] Your code is flake8 compliant.
-- [ ] Your code is python 3.5 compliant (specific python >=3.6 syntax is currently not accepted).
+- [ ] Your code is python 3.6 compliant (specific python >3.6 syntax is currently not accepted).
 - [ ] If this is a new feature and not a bug fix, you've included the proper documentation in the ReadTheDocs documentation folder. https://github.com/DefectDojo/Documentation/tree/master/docs or provide feature documentation in the PR.
 - [ ] Model changes must include the necessary migrations in the dojo/db_migrations folder.
 - [ ] Add applicable tests to the unit tests.
 - [ ] Add the proper label to categorize your PR.
 
 
-Current accepted labels for PRs:
+Moderators: Labels currently accepted for PRs:
 - Import Scans (for new scanners/importers)
 - enhancement
 - performance
 - feature
 - bugfix
 - maintenance (a.k.a chores)
 - dependencies
-- New Migration
+- New Migration (when the PR introduces a DB migration)
+- settings_changes (when the PR introduces changes or new settings in settings.dist.py)
 
-# Git Tips
+# Contributors: Git Tips
 ## Rebase on dev branch
 If the dev branch has changed since you started working on it, please rebase your work after the current dev.