@sNiXx sNiXx commented Nov 12, 2025

Description

Updating a few minor inconsistencies and errors, but also adding more details about custom trust configuration.

Test results

N/A

Documentation

This is a docs-only PR

Contributor

@Maffooch Maffooch left a comment

Please remove additional commits for other PRs

@valentijnscholten valentijnscholten added this to the 2.53.0 milestone Nov 12, 2025
@github-actions github-actions bot removed the helm label Nov 13, 2025
If you are connecting to SonarQube via HTTPS, the issuer of the certificate that is presented by
SonarQube must be trusted.

One way of achieving this is by defining the `REQUESTS_CA_BUNDLE` environment variable to point
Contributor

REQUESTS_CA_BUNDLE environment variable

This is an env var within SonarQube? Just want to specify.

Author

No, this appears to be an env variable of the Python requests library (see here). Although its usage in DefectDojo is not really documented besides in one sentence here and in the helm instructions (e.g. here).

As far as I understand, REQUESTS_CA_BUNDLE should ideally point to a file (or a directory) that includes custom trusted CA certificate(s) as well as the other trusted CA certificates already present (i.e. it overrides the default trust store).

I would propose to reflect this in the documentation by referencing the official requests docs.

Another alternative could be to bind /etc/ssl/certs to a read-only mounted volume, add the custom trusted CA certificates with Ubuntu's update-ca-certificates command and then set REQUESTS_CA_BUNDLE to /etc/ssl/certs/ca-certificates.crt.

Writing these lines, I wonder if it would make sense to have a dedicated page for this?
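
The trust-store override discussed in the comment above, as an added example (not part of this PR or of DefectDojo's code): it merges a default CA bundle with custom CA certificates into one PEM text suitable for `REQUESTS_CA_BUNDLE`, and reports which default CAs a candidate bundle would stop trusting. The function names and the sample PEM blocks are constructed for illustration; the blocks are placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

def fingerprints(pem_text):
    """Map SHA-256 fingerprint of the DER bytes -> PEM block, in file order."""
    found = {}
    for match in PEM_BLOCK.finditer(pem_text):
        der = base64.b64decode(match.group(1))  # newlines in the body are ignored
        found.setdefault(hashlib.sha256(der).hexdigest(), match.group(0))
    return found

def merge_bundles(default_pem, custom_pem):
    """One bundle: default CAs first, then custom CAs that are not already present."""
    merged = fingerprints(default_pem)
    for fp, block in fingerprints(custom_pem).items():
        merged.setdefault(fp, block)
    return "\n".join(merged.values()) + "\n"

def missing_defaults(candidate_pem, default_pem):
    """Fingerprints of default CAs that would no longer be trusted if
    REQUESTS_CA_BUNDLE pointed at candidate_pem (the variable replaces the
    default bundle rather than extending it)."""
    return sorted(set(fingerprints(default_pem)) - set(fingerprints(candidate_pem)))

def placeholder_pem(label):
    """Constructed stand-in for a certificate (NOT a real X.509 certificate)."""
    body = base64.encodebytes(label.encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed sample input: two "public" roots and one internal CA.
DEFAULT_PEM = placeholder_pem("public-root-A") + placeholder_pem("public-root-B")
CUSTOM_PEM = placeholder_pem("internal-ca") + placeholder_pem("public-root-B")

if __name__ == "__main__":
    merged = merge_bundles(DEFAULT_PEM, CUSTOM_PEM)
    print(len(fingerprints(merged)), "certificates in merged bundle")
    dropped = missing_defaults(CUSTOM_PEM, DEFAULT_PEM)
    print("custom-only bundle drops", len(dropped), "default CA(s)")
```

In practice, read the default bundle from the path your image uses (for example the `/etc/ssl/certs/ca-certificates.crt` file mentioned above), write the merged text to a file, and point `REQUESTS_CA_BUNDLE` at that file.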

Member

@sNiXx That would be very helpful (a page about REQUESTS_CA_BUNDLE). But can be a follow-up PR as it's not blocking this.

Contributor

@mtesauro mtesauro left a comment

Approved.

Pinged @paulOsinski and he's good with the extra docs happening in a future PR.

@mtesauro mtesauro dismissed paulOsinski’s stale review November 14, 2025 17:34

Confirmed with paulOsinski that we're good here before dismissing.

@mtesauro mtesauro merged commit 6e55879 into DefectDojo:dev Nov 14, 2025
151 checks passed

6 participants