Develop

.github/CODE_OF_CONDUCT.md

@@ -17,23 +17,23 @@ diverse, inclusive, and healthy community.
 Examples of behavior that contributes to a positive environment for our
 community include:
 
-- Demonstrating empathy and kindness toward other people
-- Being respectful of differing opinions, viewpoints, and experiences
-- Giving and gracefully accepting constructive feedback
-- Accepting responsibility and apologizing to those affected by our mistakes,
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
   and learning from the experience
-- Focusing on what is best not just for us as individuals, but for the
+* Focusing on what is best not just for us as individuals, but for the
   overall community
 
 Examples of unacceptable behavior include:
 
-- The use of sexualized language or imagery, and sexual attention or
+* The use of sexualized language or imagery, and sexual attention or
   advances of any kind
-- Trolling, insulting or derogatory comments, and personal or political attacks
-- Public or private harassment
-- Publishing others' private information, such as a physical or email
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
   address, without their explicit permission
-- Other conduct which could reasonably be considered inappropriate in a
+* Other conduct which could reasonably be considered inappropriate in a
   professional setting
 
 ## Enforcement Responsibilities
@@ -106,7 +106,7 @@ Violating these terms may lead to a permanent ban.
 ### 4. Permanent Ban
 
 **Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior, harassment of an
+standards, including sustained inappropriate behavior,  harassment of an
 individual, or aggression toward or disparagement of classes of individuals.
 
 **Consequence**: A permanent ban from any sort of public interaction within

.github/CONTRIBUTING.md

@@ -1 +1 @@
-Please refer to https://khulnasoft.github.io/ThreatMatrix-docs/ThreatMatrix/contribute/
+Please refer to https://khulnasoft.github.io/devsec-docs/ThreatMatrix/contribute/

.github/FUNDING.yml

@@ -1 +1,2 @@
-github: [khulnasoft-bot]
+open_collective: threatmatrix-project
+github: khulnasoft

.github/ISSUE_TEMPLATE/issue_template.md

@@ -1,19 +1,19 @@
 ---
 name: Issue Template
 about: used to report bugs
-title: ""
+title: ''
 labels: bug
-assignees: ""
+assignees: ''
+
 ---
 
 ## What happened
 
 ## Environment
-
 1. OS:
 2. ThreatMatrix version:
 
-## What did you expect to happen
+##  What did you expect to happen
 
 ## How to reproduce your issue
 

.github/ISSUE_TEMPLATE/new_analyzer.md

@@ -3,17 +3,19 @@ name: New Analyzer
 about: A new analyzer to integrate with ThreatMatrix
 title: "[Analyzer]"
 labels: new_analyzer
-assignees: ""
+assignees: ''
+
 ---
 
 ## Name
 
 ## Link
 
 ## Type of analyzer
-
 **this can be observable, file, and docker**
 
+
 ## Why should we use it
 
+
 ## Possible implementation

.github/ISSUE_TEMPLATE/new_connector.md

@@ -3,17 +3,19 @@ name: New Connector
 about: A new connector to integrate with ThreatMatrix
 title: "[Connector]"
 labels: new_connector
-assignees: ""
+assignees: ''
+
 ---
 
 ## Name
 
 ## Link
 
 ## Type of connector
-
 ** what kind of data this connector would push to the integrated service **
 
+
 ## Why should we use it
 
+
 ## Possible implementation

.github/ISSUE_TEMPLATE/new_ingestor.md

@@ -3,13 +3,16 @@ name: New Ingestor
 about: A new ingestor to integrate with ThreatMatrix
 title: "[Ingestor]"
 labels: new_ingestor
-assignees: ""
+assignees: ''
+
 ---
 
 ## Name
 
 ## Link
 
+
 ## Why should we use it
 
+
 ## Possible implementation

.github/ISSUE_TEMPLATE/new_playbook.md

@@ -3,15 +3,21 @@ name: New Playbook
 about: A new playbook configured inside ThreatMatrix
 title: "[Playbook]"
 labels: new_playbook
-assignees: ""
+assignees: ''
+
 ---
 
 ## Name
 
+
 ## Analyzers
 
+
 ## Connectors
 
+
 ## Runtime configuration
 
+
 ## Use case
+

.github/ISSUE_TEMPLATE/new_visualizer.md

@@ -3,13 +3,17 @@ name: New Visualizer
 about: A new visualizer to integrate with ThreatMatrix
 title: "[Visualizer]"
 labels: new_visualizer
-assignees: ""
+assignees: ''
+
 ---
 
 ## Name
 
+
 ## Playbooks
 
+
 ## Why should we create it
 
+
 ## Possible implementation

.github/SECURITY.md

@@ -3,7 +3,7 @@
 ## Supported Versions
 
 | Version | Supported          |
-| ------- | ------------------ |
+|---------| ------------------ |
 | >4.x.x  | :white_check_mark: |
 | <4.x.x  | :x:                |
 
@@ -13,7 +13,6 @@ Please contact privately via Twitter one of the current maintainers.
 Current list of maintainers is available here: https://github.com/khulnasoft/ThreatMatrix#about-the-author-and-maintainers
 
 Then we would:
-
-- verify the vulnerability
-- once verified, open a Security Advisory in Github
-- update you with progress
+* verify the vulnerability
+* once verified, open a Security Advisory in Github
+* update you with progress

.github/dependabot.yml

@@ -19,7 +19,7 @@ updates:
     schedule:
       interval: "weekly"
       day: "tuesday"
-    target-branch: "dependabot-validation"
+    target-branch: "develop"
     ignore:
       # ignore all patch updates since we are using ~=
       # this does not work for security updates
@@ -31,7 +31,7 @@ updates:
     schedule:
       interval: "weekly"
       day: "tuesday"
-    target-branch: "dependabot-validation"
+    target-branch: "develop"
     ignore:
       # ignore all patch updates since we are using ~=
       # this does not work for security updates
@@ -43,7 +43,19 @@ updates:
     schedule:
       interval: "weekly"
       day: "tuesday"
-    target-branch: "dependabot-validation"
+    target-branch: "develop"
+    ignore:
+      # ignore all patch updates since we are using ~=
+      # this does not work for security updates
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-patch" ]
+
+  - package-ecosystem: "pip"
+    directory: "/integrations/phishing_analyzers"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+    target-branch: "develop"
     ignore:
       # ignore all patch updates since we are using ~=
       # this does not work for security updates
@@ -76,7 +88,7 @@ updates:
     schedule:
       interval: "weekly"
       day: "tuesday"
-    target-branch: "dependabot-validation"
+    target-branch: "develop"
     ignore:
       # ignore all patch updates since we are using ~=
       # this does not work for security updates
@@ -88,7 +100,7 @@ updates:
     schedule:
       interval: "weekly"
       day: "tuesday"
-    target-branch: "dependabot-validation"
+    target-branch: "develop"
     ignore:
       # ignore all patch updates since we are using ~=
       # this does not work for security updates
@@ -100,7 +112,7 @@ updates:
     schedule:
       interval: "weekly"
       day: "tuesday"
-    target-branch: "dependabot-validation"
+    target-branch: "develop"
     ignore:
       # ignore all patch updates since we are using ~=
       # this does not work for security updates
@@ -112,7 +124,19 @@ updates:
     schedule:
       interval: "weekly"
       day: "tuesday"
-    target-branch: "dependabot-validation"
+    target-branch: "develop"
+    ignore:
+      # ignore all patch updates since we are using ~=
+      # this does not work for security updates
+      - dependency-name: "*"
+        update-types: ["version-update:semver-patch"]
+
+  - package-ecosystem: "docker"
+    directory: "/integrations/phishing_analyzers"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+    target-branch: "develop"
     ignore:
       # ignore all patch updates since we are using ~=
       # this does not work for security updates

.github/pull_request_template.md

@@ -14,30 +14,28 @@ Please delete options that are not relevant.
 
 # Checklist
 
-- [ ] I have read and understood the rules about [how to Contribute](https://khulnasoft.github.io/ThreatMatrix-docs/ThreatMatrix/contribute/) to this project
+- [ ] I have read and understood the rules about [how to Contribute](https://khulnasoft.github.io/devsec-docs/ThreatMatrix/contribute/) to this project
 - [ ] The pull request is for the branch `develop`
 - [ ] A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
-  - [ ] I strictly followed the documentation ["How to create a Plugin"](https://khulnasoft.github.io/ThreatMatrix-docs/ThreatMatrix/contribute/#how-to-add-a-new-plugin)
-  - [ ] [Usage](https://github.com/khulnasoft/docs/blob/main/docs/ThreatMatrix/usage.md) file was updated.
-  - [ ] [Advanced-Usage](https://github.com/khulnasoft/docs/blob/main/docs/ThreatMatrix/advanced_usage.md) was updated (in case the plugin provides additional optional configuration).
-  - [ ] I have dumped the configuration from Django Admin using the `dumpplugin` command and added it in the project as a data migration. (["How to share a plugin with the community"](https://khulnasoft.github.io/ThreatMatrix-docs/ThreatMatrix/contribute/#how-to-share-your-plugin-with-the-community))
-  - [ ] If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive `test_files.zip` and you added the default tests for that mimetype in [test_classes.py](https://github.com/khulnasoft/ThreatMatrix/blob/master/tests/api_app/analyzers_manager/test_classes.py).
-  - [ ] If you created a new analyzer and it is free (does not require any API key), please add it in the `FREE_TO_USE_ANALYZERS` playbook by following [this guide](https://khulnasoft.github.io/ThreatMatrix-docs/ThreatMatrix/contribute/#how-to-modify-a-plugin).
-  - [ ] Check if it could make sense to add that analyzer/connector to other [freely available playbooks](https://khulnasoft.github.io/ThreatMatrix-docs/ThreatMatrix/usage/#list-of-pre-built-playbooks).
-  - [ ] I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
-  - [ ] If the plugin interacts with an external service, I have created an attribute called precisely `url` that contains this information. This is required for Health Checks.
-  - [ ] If the plugin requires mocked testing, `_monkeypatch()` was used in its class to apply the necessary decorators.
-  - [ ] I have added that raw JSON sample to the `MockUpResponse` of the `_monkeypatch()` method. This serves us to provide a valid sample for testing.
+    - [ ] I strictly followed the documentation ["How to create a Plugin"](https://khulnasoft.github.io/devsec-docs/ThreatMatrix/contribute/#how-to-add-a-new-plugin)
+    - [ ] [Usage](https://github.com/khulnasoft/docs/blob/main/docs/ThreatMatrix/usage.md) file was updated. A link to the PR to the [docs](https://github.com/khulnasoft/docs) repo has been added as a comment here.
+    - [ ] [Advanced-Usage](https://github.com/khulnasoft/docs/blob/main/docs/ThreatMatrix/advanced_usage.md) was updated (in case the plugin provides additional optional configuration). A link to the PR to the [docs](https://github.com/khulnasoft/docs) repo has been added as a comment here.
+    - [ ] I have dumped the configuration from Django Admin using the `dumpplugin` command and added it in the project as a data migration. (["How to share a plugin with the community"](https://khulnasoft.github.io/devsec-docs/ThreatMatrix/contribute/#how-to-share-your-plugin-with-the-community))
+    - [ ] If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive `test_files.zip` and you added the default tests for that mimetype in [test_classes.py](https://github.com/khulnasoft/ThreatMatrix/blob/master/tests/api_app/analyzers_manager/test_classes.py).
+    - [ ] If you created a new analyzer and it is free (does not require any API key), please add it in the `FREE_TO_USE_ANALYZERS` playbook by following [this guide](https://khulnasoft.github.io/devsec-docs/ThreatMatrix/contribute/#how-to-modify-a-plugin).
+    - [ ] Check if it could make sense to add that analyzer/connector to other [freely available playbooks](https://khulnasoft.github.io/devsec-docs/ThreatMatrix/usage/#list-of-pre-built-playbooks).
+    - [ ] I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
+    - [ ] If the plugin interacts with an external service, I have created an attribute called precisely `url` that contains this information. This is required for Health Checks. 
+    - [ ] If the plugin requires mocked testing, `_monkeypatch()` was used in its class to apply the necessary decorators.
+    - [ ] I have added that raw JSON sample to the `MockUpResponse` of the `_monkeypatch()` method. This serves us to provide a valid sample for testing.
 - [ ] If external libraries/packages with restrictive licenses were used, they were added in the [Legal Notice](https://github.com/certego/ThreatMatrix/blob/master/.github/legal_notice.md) section.
-- [ ] Linters (`Black`, `Flake`, `Isort`) gave 0 errors. If you have correctly installed [pre-commit](https://khulnasoft.github.io/ThreatMatrix-docs/ThreatMatrix/contribute/#how-to-start-setup-project-and-development-instance), it does these checks and adjustments on your behalf.
+- [ ] Linters (`Black`, `Flake`, `Isort`) gave 0 errors. If you have correctly installed [pre-commit](https://khulnasoft.github.io/devsec-docs/ThreatMatrix/contribute/#how-to-start-setup-project-and-development-instance), it does these checks and adjustments on your behalf.
 - [ ] I have added tests for the feature/bug I solved (see `tests` folder). All the tests (new and old ones) gave 0 errors.
-- [ ] If changes were made to an existing model/serializer/view, the docs were updated and regenerated (check [CONTRIBUTE.md](https://github.com/khulnasoft/ThreatMatrix/blob/master/docs/source/Contribute.md)).
 - [ ] If the GUI has been modified:
-  - [ ] I have a provided a screenshot of the result in the PR.
-  - [ ] I have created new frontend tests for the new component or updated existing ones.
+    - [ ] I have a provided a screenshot of the result in the PR.
+    - [ ] I have created new frontend tests for the new component or updated existing ones.
 - [ ] After you had submitted the PR, if `DeepSource`, `Django Doctors` or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.
 
 ### Important Rules
-
 - If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.
-- Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review. After being reviewed and received a "change request", you should explicitly ask for a review again once you have made the requested changes.
+- Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review. After being reviewed and received a "change request", you should explicitly ask for a review again once you have made the requested changes.

.github/release_template.md

@@ -1,10 +1,11 @@
 # Checklist for creating a new release
 
-- [ ] (optional) If we changed/added Docker Analyzers, we need to configure Docker Hub / Dependabot properly.
-- [ ] Update `CHANGELOG.md` for the new version
+- [ ] If we changed/added Docker Analyzers, we need to configure Docker Hub / Dependabot properly.
+- [ ] I have already checked if all Dependabot issues have been solved before creating this PR.
+- [ ] Update `CHANGELOG.md` for the new version. Tag another maintainer to review the Changelog and wait for their feedback.
 - [ ] Change version number `docker/.env`
 - [ ] Verify CI Tests
-- [ ] Create release for the branch `develop`.
+- [ ] Create release for the branch `develop`. Remember to prepend a `v` to the version number.
       Write the following statement there (change the version number):
 
 ```commandline
@@ -16,8 +17,8 @@ WARNING: The release will be live within an hour!
 - [ ] Wait for [dockerHub](https://hub.docker.com/repository/docker/khulnasoft/threatmatrix) to finish the builds
 - [ ] Merge the PR to the `master` branch. **Note:** Only use "Merge and commit" as the merge strategy and not "Squash and merge". Using "Squash and merge" makes history between branches misaligned.
 - [ ] Remove the "wait" statement in the release description.
-- [ ] Publish new Post into official Twitter and LinkedIn accounts:
-
+- [ ] Publish new Post into official Twitter and LinkedIn accounts (change the version number):
 ```commandline
 published #ThreatMatrix vX.X.X! https://github.com/khulnasoft/ThreatMatrix/releases/tag/vX.X.X #ThreatIntelligence #CyberSecurity #OpenSource #OSINT #DFIR
 ```
+- [ ] If that was a major release or an important release, communicate the news to the marketing staff

.github/workflows/pull_request_automation.yml

@@ -123,7 +123,7 @@ jobs:
       - name: Set up NodeJS
         uses: actions/setup-node@v4
         with:
-          node-version: 15
+          node-version: 18
       - name: Cache node modules
         uses: actions/cache@v4
         with: