fix(docker compose): Use 'docker compose' everywhere #10916

Merged
merged 2 commits into from
Sep 20, 2024

@kiblik kiblik commented Sep 16, 2024

As docker compose is part of docker and it is unnecessary to use docker-compose, it should be addressed correctly everywhere.

dryrunsecurity bot commented Sep 16, 2024

DryRun Security Summary

The pull request covers a wide range of updates to the DefectDojo application, including improvements to the documentation, deployment scripts, and test suite, all aimed at ensuring secure configurations, maintaining compatibility with updated dependencies, and improving the overall security posture of the application.

Summary:

The changes in this pull request cover a wide range of updates to the DefectDojo application, including improvements to the documentation, deployment scripts, and test suite. From an application security perspective, the key changes are focused on ensuring secure configurations, maintaining compatibility with updated dependencies, and improving the overall security posture of the application.

The documentation updates cover topics such as LDAP authentication, JIRA integration, deduplication, and the Docker-based deployment process. These changes aim to provide clear and comprehensive guidance to users on how to securely configure and use the various features of the DefectDojo application.

The updates to the deployment scripts, including the migration from docker-compose to docker compose commands, help ensure that the application can be deployed and upgraded in a consistent and secure manner. The inclusion of version checks and the handling of breaking changes, such as the database migration from MySQL to PostgreSQL, demonstrate a strong focus on maintaining the application's security and stability.

The changes to the test suite, including the addition of comprehensive integration tests, are also noteworthy from a security perspective. Thorough testing helps identify and address potential security vulnerabilities, ensuring the overall security and reliability of the DefectDojo application.

Files Changed:

  1. docker/docker-compose-check.sh: This script checks the version of the Docker Compose tool and ensures that it meets the minimum supported version, which is an important security practice to prevent issues from using an unsupported version.

  2. docker/extra_settings/README.md: The changes in this file clarify the purpose and usage of the docker/extra_settings directory, which allows users to override or extend the default settings. This is an important security consideration, as any custom settings should be carefully reviewed to avoid introducing vulnerabilities.

  3. .github/ISSUE_TEMPLATE/support_request.md and .github/ISSUE_TEMPLATE/bug_report.md: The updates to these issue templates provide improved guidance for users to report issues and provide relevant logs, which can help the security team quickly identify and address any security-related problems.

  4. Various documentation files (e.g., docs/content/en/getting_started/upgrading/2.30.md, docs/content/en/getting_started/running-in-production.md, docs/content/en/integrations/jira.md, docs/content/en/usage/features.md, docs/content/en/integrations/ldap-authentication.md, readme-docs/DOCKER.md): These documentation updates cover a range of topics, including upgrading, production deployment, integrations, and feature usage. The focus on providing clear and comprehensive guidance helps users configure and use the DefectDojo application securely.

  5. tests/local-integration-tests.sh: The changes to this test script, which now uses the docker compose command, demonstrate a commitment to maintaining a robust test suite that can help identify and prevent security issues.

Overall, the changes in this pull request appear to be focused on improving the security, stability, and usability of the DefectDojo application, which is a positive contribution to the project.

Code Analysis

We ran 9 analyzers against 14 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

@kiblik kiblik closed this Sep 16, 2024
@kiblik kiblik reopened this Sep 16, 2024
@kiblik kiblik closed this Sep 16, 2024
@kiblik kiblik reopened this Sep 16, 2024
@kiblik kiblik closed this Sep 16, 2024
@kiblik kiblik reopened this Sep 16, 2024
@kiblik kiblik force-pushed the docker_compose_typo branch from fe08307 to a5bfd5a Compare September 16, 2024 21:38
@mtesauro mtesauro left a comment

Approved

@cneill cneill left a comment

Some of these need to be reverted because they modify comments referring to both the new docker compose syntax and the old docker-compose syntax explicitly, and they no longer make sense with the - removed. We could alternatively remove all of these comments, but I don't think there's much benefit to this.

Review threads (all outdated): dc-build.sh (4), dc-down.sh, dc-unittest.sh (2), dc-up-d.sh, dc-up.sh, docs/content/en/getting_started/upgrading/_index.md
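
The pitfall raised in the review above, as an added example that is not part of this PR or the DefectDojo code base: a heuristic audit that separates invoked `docker-compose` commands from mentions in comments and in file names, and rewrites only the former. The function names, the sample script and the `docker-compose.yml` file name are assumptions; any whitespace followed by `#` is treated as the start of a comment.

```sh
#!/bin/sh
# Added example: heuristic audit of legacy "docker-compose" mentions in a script.

# Prints "LINE KIND" per line that mentions docker-compose:
#   comment  = mentioned only in a comment (review by hand)
#   filename = only names such as docker-compose-check.sh
#   command  = the legacy binary is invoked (candidate for rewriting)
classify_compose_refs() {
  awk '
    /docker-compose/ {
      line = $0
      if (line ~ /^[ \t]*#/) { print NR, "comment"; next }
      sub(/[ \t]#.*/, "", line)                           # drop trailing comment
      if (line !~ /docker-compose/) { print NR, "comment"; next }
      gsub(/docker-compose[-.][A-Za-z0-9_.-]+/, "", line) # drop file names
      print NR, (line ~ /docker-compose/ ? "command" : "filename")
    }' "$1"
}

# Emits the file with only invoked commands rewritten; comments pass through.
rewrite_compose_commands() {
  awk '
    /^[ \t]*#/ { print; next }
    {
      code = $0; rest = ""
      if (match(code, /[ \t]#.*/)) {
        rest = substr(code, RSTART); code = substr(code, 1, RSTART - 1)
      }
      gsub(/docker-compose[ \t]+/, "docker compose ", code)
      sub(/docker-compose$/, "docker compose", code)
      print code rest
    }' "$1"
}

# Constructed sample script, not taken from the DefectDojo repository.
write_sample() {
  cat > "$1" <<'EOF'
#!/bin/bash
# Works with "docker compose"; the older "docker-compose" is not supported.
bash ./docker/docker-compose-check.sh
docker-compose -f docker-compose.yml up -d  # start the stack
docker compose down
EOF
}

sample=$(mktemp)
write_sample "$sample"
classify_compose_refs "$sample"
rewrite_compose_commands "$sample"
rm -f "$sample"
```

Lines reported as `comment` are the ones a blanket search-and-replace would damage, so they are left for manual review.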
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
@kiblik kiblik requested a review from cneill September 17, 2024 16:30
@mtesauro mtesauro merged commit 8dfe373 into DefectDojo:bugfix Sep 20, 2024
73 checks passed
@kiblik kiblik deleted the docker_compose_typo branch September 20, 2024 21:05