docs: Update the API pull documentation

docs/content/supported_tools/parsers/api/_index.md

@@ -11,14 +11,21 @@ All parsers that use API pull have common basic configuration steps, but with di
 
 Follow these steps to set up API importing:
 
+## Tool Configuration
+
 1.  Configure the API authentication details by navigating to
     `Configuration -> Tool Configuration -> Add Tool Configuration`. Enter a `Name`,
     selecting the related `Tool Type` and `Authentication Type` "API Key". Paste your credentials
-    to the proper fields based on definitions below.
+    into the proper fields based on the selected parser.
+
+## Product-Level Configuration
+
+1.  Navigate to `Products -> All Products` and select a product from the list.
+
+2.  Click on `Settings` and select `Add API Scan Configuration`
 
-2.  In the `Product` settings select `Add API Scan Configuration` and select the
-    previously added `Tool Configuration`. Provide values based on definitions below.
+3.  Select the previously added `Tool Configuration` and provide additional values based on the selected parser.
 
-3.  After this is done, you can import the findings on the `Product` page through
-    `Findings -> Import Scan Results`. As the `Scan type`, select the related type,
-    the API scan configuration from the last step, and click `Import`.
+4.  After this is done, you can import the findings on the `Product` page through
+    `Findings -> Import Scan Results`. As the `Scan type`, select the related type
+    (the `API Scan Configuration` created above) and click `Import`.

docs/content/supported_tools/parsers/api/sonarqube.md

@@ -2,20 +2,24 @@
 title: "SonarQube API Import"
 toc_hide: true
 ---
-All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first.
+All parsers that use API pull have common basic configuration steps, but with different values. Please, [read these steps](../) first.
 
-In `Tool Configuration`, select `Tool Type` to "SonarQube" and `Authentication Type` "API Key".
-Note the url must be in the format of `https://<sonarqube_host>/api`
+## Tool Configuration
+
+In `Tool Configuration`, select `Tool Type` "SonarQube" and `Authentication Type` "API Key".
+The URL must be in the format of `https://<sonarqube_host>/api`
 Paste your SonarQube API token in the "API Key" field.
-By default the tool will import vulnerabilities issues
-and security hotspots only, but additional filters can be setup using the 
-Extras field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When using
-SonarCloud, you must also specify the Organization ID in the Extras field as follows
-`OrgID=sonarcloud-organzation-ID`. If also specifying issue type filters, please 
-seperate the items in the Extras field by a vertical bar as follows
-`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID`
-
-In "Add API Scan Configuration"
+By default, the tool will import vulnerability issues
+and security hotspots only, but additional filters can be applied using the 
+"Extras" field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When using
+SonarCloud, you must also specify the Organization ID in the "Extras" field (e.g. 
+`OrgID=sonarcloud-organzation-ID`). When also specifying issue type filters, please 
+separate the items in the "Extras" field by a vertical bar (e.g. 
+`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID`)
+
+## Product-Level Configuration
+
+In `Add API Scan Configuration`
 -   `Service key 1` must
     be the SonarQube project key, which can be found by navigating to a specific project and
     selecting the value from the url
@@ -24,23 +28,29 @@ In "Add API Scan Configuration"
     use the name of the Product as the project key in SonarQube. If you would like to
     import findings from multiple projects, you can specify multiple keys as
     separated `API Scan Configuration` in the `Product` settings.
--   If using SonarCloud, the orginization ID can be used from step 1, but it
-    can be overiden by supplying a different orginization ID in the `Service key 2` input field.
+-   If using SonarCloud, the organization ID can be used from step 1, but it
+    can be overridden by supplying a different organization ID in the `Service key 2` input field.
 
 ## Multiple SonarQube API Configurations
 
-In the import or re-import dialog you can select which `API Scan
+In the import or re-import dialog, you can select which `API Scan
 Configuration` shall be used. If you do not choose
 any, DefectDojo will use the `API Scan Configuration` of the Product if there is
 only one defined or the SonarQube `Tool Configuration` if there is only one.
 
-## Multi Branch Scanning
+## Multi-Branch Scanning
 
-If using a version of SonarQube with multi branch scanning, the branch tha be scanned can
-be supplied in the `branch_tag` fieild at import/re-import time. If the branch does not exist,
-a notification will be generated in the alerts table indicating that branch to be imported
+If using a version of SonarQube with multi-branch scanning, the branch to be scanned can
+be supplied in the `branch_tag` field at import/re-import time. If the branch does not exist,
+a notification will be generated in the alerts table, indicating that branch to be imported
 does not exist. If a branch name is not supplied during import/re-import, the default branch
 of the SonarQube project will be used.
 
-**Note:**: If `https` is used for the SonarQube, the certificate must be
-trusted by the DefectDojo instance.
+## Custom Trust
+
+If you are connecting to SonarQube via HTTPS, the issuer of the certificate that is presented by
+SonarQube must be trusted.
+
+One way of achieving this is by defining the `REQUESTS_CA_BUNDLE` environment variable to point
+to a PEM-encoded certificate file in the container (e.g. `REQUESTS_CA_BUNDLE=/app/media/cacerts.pem`).
+To ensure the certificate is persisted, the file should be in a mounted volume.