
Ruff: Add and fix N999 #11647

Status: Open. Wants to merge 1 commit into base branch dev.

Conversation

kiblik (Contributor) commented Jan 25, 2025

Add rule invalid-module-name (N999) and fix the following violations:

dojo/settings/settings.dist.py:1:1: N999 Invalid module name: 'settings.dist'
tests/Import_scanner_test.py:1:1: N999 Invalid module name: 'Import_scanner_test'

This is a bit of a radical change, as it renames a globally used and known settings file. I will be happy for any feedback.
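To make concrete what N999 is complaining about in the two paths above, here is an added example (not code from this pull request, and not Ruff's or pep8-naming's implementation) that re-implements the rule in simplified form: a module name is the file stem (or the package directory for `__init__.py` / `__main__.py`), and it must be an identifier made only of lowercase ASCII letters, digits and underscores. The `check_n999` and `suggest_module_name` helpers are hypothetical names chosen for this example; the diagnostic format mirrors the Ruff output quoted above, and the suggested renames match the `settings_dist.py` rename described later in this thread.

```python
import re
from pathlib import PurePosixPath
from typing import Optional

# Simplified approximation of pep8-naming / Ruff rule N999 (invalid-module-name):
# lowercase ASCII letters, digits and underscores only, not starting with a digit.
# Constructed for illustration; Ruff's own implementation has more special cases.
_VALID_MODULE_RE = re.compile(r"^[a-z_][a-z0-9_]*$")


def module_name_for(path: str) -> str:
    """Return the module name that N999 judges for a Python source file path.

    For __init__.py / __main__.py the enclosing package directory is the module
    being named; otherwise it is the file stem. Note that PurePosixPath.stem only
    strips the last suffix, so 'settings.dist.py' yields 'settings.dist', which is
    exactly the name Ruff reports (a dotted stem cannot be imported as a module).
    """
    p = PurePosixPath(path)
    if p.name in ("__init__.py", "__main__.py"):
        return p.parent.name
    return p.stem if p.suffix == ".py" else p.name


def is_valid_module_name(name: str) -> bool:
    """True if the name satisfies the simplified N999 rule."""
    return bool(_VALID_MODULE_RE.fullmatch(name))


def check_n999(path: str) -> Optional[str]:
    """Return a Ruff-style diagnostic line for an invalid module name, else None."""
    name = module_name_for(path)
    if is_valid_module_name(name):
        return None
    # Module-name rules have no line/column, so Ruff anchors the finding at 1:1.
    return f"{path}:1:1: N999 Invalid module name: '{name}'"


def suggest_module_name(name: str) -> str:
    """Propose a PEP 8 compliant rename: lowercase, with dots/dashes/etc. as '_'."""
    candidate = re.sub(r"[^a-z0-9_]", "_", name.lower())
    if not candidate or candidate[0].isdigit():
        candidate = "_" + candidate
    return candidate


def lint_paths(paths) -> list:
    """Run the check over a list of paths and collect the diagnostics."""
    return [d for d in (check_n999(p) for p in paths) if d is not None]


if __name__ == "__main__":
    # Constructed sample input: the two violations from the PR plus compliant paths.
    sample_paths = [
        "dojo/settings/settings.dist.py",
        "tests/Import_scanner_test.py",
        "dojo/settings/settings_dist.py",
        "dojo/settings/__init__.py",
    ]
    for diag in lint_paths(sample_paths):
        print(diag)
        bad = diag.rsplit("'", 2)[1]
        print(f"  suggested rename: {bad} -> {suggest_module_name(bad)}")
```

Running the block prints the same two diagnostics Ruff produced for this repository and proposes `settings_dist` and `import_scanner_test`, while the renamed `settings_dist.py` and the package `__init__.py` pass cleanly.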

dryrunsecurity bot commented Jan 25, 2025

DryRun Security Summary

The pull request implements comprehensive security improvements and quality enhancements for DefectDojo, including updated file paths, configurable deduplication functionality, improved documentation, and fixes for various security vulnerabilities identified by static code analysis tools.


Summary:

The provided pull request contains a series of changes that focus on improving the security and overall quality of the DefectDojo application. The changes address various security concerns, including:

  1. Updating file paths and references to the application's settings file from settings.dist.py to settings_dist.py, which helps maintain a clear separation between the default configuration and any custom, potentially sensitive settings.
  2. Enhancing the deduplication functionality by allowing the deduplication algorithm and hash code computation to be configured on a per-test type or scan type basis, improving the accuracy and flexibility of the deduplication process.
  3. Improving documentation, including updates to the parser contribution guidelines, upgrade instructions, and Docker deployment guidance, which help ensure the secure deployment and maintenance of the application.
  4. Addressing specific security vulnerabilities identified by static code analysis tools, such as Bandit and GitLab SAST, including issues related to insecure hashing, XML parsing, SQL injection, and hardcoded sensitive information.

Overall, these changes demonstrate a strong focus on improving the security and maintainability of the DefectDojo application, which is a positive sign for the project's commitment to security.

Files Changed:

  • .github/labeler.yml, .github/pull_request_template.md, .github/release-drafter.yml: Minor updates to the GitHub configuration files, including changes to the settings file name references.
  • Dockerfile.django-alpine, Dockerfile.django-debian: Updates to the Docker configuration files, including changes to environment variables and dependency management.
  • docker/entrypoint-unit-tests.sh, docker/entrypoint-unit-tests-devDocker.sh: Changes to the unit test setup and configuration, including handling of database and Celery settings.
  • dojo/models.py: Improvements to the deduplication functionality, allowing for per-test type or scan type configuration.
  • dojo/settings/settings.py, dojo/settings/settings_dist.py, dojo/settings/unittests.py, dojo/settings/template-local_settings: Updates to the application's configuration files, including changes to file references and security-related settings.
  • Documentation files: Various updates to the documentation, including installation, configuration, upgrading, and contribution guidelines.
  • unittests/scans/: Files containing the results of security scans, such as Bandit, GitLab SAST, and Horusec, which identify and address security vulnerabilities in the codebase.

Code Analysis

We ran 9 analyzers against 30 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer with findings: Sensitive Files Analyzer (1 finding)



This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik requested review from Maffooch, mtesauro and cneill and removed request for Maffooch January 28, 2025 15:41