When importing a Github scan via API the Status of the finding is wrong #11235

Open
kretzz opened this issue Nov 11, 2024 · 0 comments · May be fixed by #11447

kretzz commented Nov 11, 2024

Bug description
When importing a scan from GitHub Dependabot or GitHub code scanning via the DefectDojo API, findings that have the state fixed, closed or dismissed are imported as Active when they should be imported as MITIGATED. However, when doing it through the UI it works fine (a fixed finding appears as MITIGATED).

Steps to reproduce

  1. Get a GitHub Dependabot or code-scanning JSON report
  2. Import it via API using the import-scan endpoint
  3. The finding that is in state fixed appears as ACTIVE on DefectDojo

Expected behavior
A finding that has the state FIXED, closed or dismissed should be imported as MITIGATED

Deployment method (select with an X)

  • [x] Docker Compose
  • Kubernetes
  • GoDojo

Environment information

  • Operating System: Ubuntu 20.04
  • DefectDojo version v. 2.38.2

Sample scan files
GHAS-example.json
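
A check for the mismatch described in this issue, as an added example that is not part of the original report or of DefectDojo's code: it tallies the alert states in a report, derives how many findings should be ACTIVE versus MITIGATED, and compares that with findings read back after the import. The report layout, the sample data and the `active` / `is_mitigated` keys on the read-back findings are assumptions made for illustration.

```python
import json
from collections import Counter

# States the issue says should be imported as MITIGATED.
RESOLVED_STATES = {"fixed", "closed", "dismissed"}

# Constructed sample report; a real GitHub export may be laid out differently.
SAMPLE_REPORT = json.dumps([
    {"number": 1, "state": "open"},
    {"number": 2, "state": "fixed", "most_recent_instance": {"state": "fixed"}},
    {"number": 3, "state": "dismissed"},
    {"number": 4, "state": "open"},
])

# Constructed findings as read back after an API import that shows the bug.
# The "active" / "is_mitigated" keys are assumed field names.
SAMPLE_FINDINGS = [{"active": True, "is_mitigated": False} for _ in range(4)]

def iter_alerts(node):
    """Yield each dict with a string "state"; do not descend into it, so a
    nested per-instance state is not counted as a second alert."""
    if isinstance(node, dict):
        if isinstance(node.get("state"), str):
            yield node
        else:
            for value in node.values():
                yield from iter_alerts(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_alerts(item)

def expected_counts(report_text):
    """Statuses the report should produce, per the issue's expected behavior."""
    counts = Counter()
    for alert in iter_alerts(json.loads(report_text)):
        resolved = alert["state"].strip().lower() in RESOLVED_STATES
        counts["MITIGATED" if resolved else "ACTIVE"] += 1
    return counts

def actual_counts(findings):
    """Statuses actually present on the imported findings."""
    counts = Counter()
    for f in findings:
        mitigated = f.get("is_mitigated") and not f.get("active")
        counts["MITIGATED" if mitigated else "ACTIVE" if f.get("active") else "OTHER"] += 1
    return counts

def status_mismatches(report_text, findings):
    """Map status -> (expected, actual) for every status whose counts differ."""
    expected, actual = expected_counts(report_text), actual_counts(findings)
    return {s: (expected[s], actual[s])
            for s in sorted(set(expected) | set(actual)) if expected[s] != actual[s]}
```

An empty result from `status_mismatches` means the imported statuses match the report; with the constructed data above it reports two findings that should have been MITIGATED but are ACTIVE.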
