When importing a Github scan via API the Status of the finding is wrong #11235
kretzz opened this issue Nov 11, 2024 · 4 comments · Fixed by #11447
kretzz commented Nov 11, 2024

Bug description
When importing a scan from Github dependabot or Github code scanning via the DefectDojo API, findings that have the state fixed, closed or dismissed are imported as Active when they should be imported as MITIGATED; however, when doing it through the UI it works fine (a fixed finding appears as MITIGATED).

Steps to reproduce

  1. Get a github dependabot or code-scanning json report
  2. Import it via API using the import-scan endpoint
  3. The finding that is in state fixed appears as ACTIVE on DefectDojo

Expected behavior
A finding that has the state FIXED, closed or dismissed should be imported as MITIGATED

Deployment method (select with an X)

  • [x] Docker Compose
  • Kubernetes
  • GoDojo

Environment information

  • Operating System: Ubuntu 20.04
  • DefectDojo version: v2.38.2

Sample scan files
GHAS-example.json

valentijnscholten (Member) commented

Can you provide the parameters you're sending with the import-scan request? If you set the Active parameter explicitly to True, it might override the values set by the parser.

mtesauro (Contributor) commented Jan 2, 2025

@kretzz Closing for now since the related PR was merged but I'm also curious how you were sending the scan as asked ☝️

mtesauro closed this as completed Jan 2, 2025

kretzz (Author) commented Jan 3, 2025

Sorry for the delay @mtesauro and @valentijnscholten, yes the parameter Active was set to True. In this case should I put it to false in order to respect the status of the findings that are being uploaded?

valentijnscholten (Member) commented

You should not set it, or set it to None.
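An added example (not code from this issue or from DefectDojo itself) of the import-scan call with the `active`/`verified` fields left out, plus a post-import check that would have surfaced the status mismatch described above. It assumes the `requests` library is available, that `scan_type` is the name of the GitHub parser on your instance, and that a finding can be joined back to its GitHub alert via `vuln_id_from_tool`; the report and findings embedded below are constructed samples.

```python
"""Import a GitHub dependabot / code scanning report into DefectDojo without
forcing the finding status, then verify fixed/closed/dismissed alerts came back
mitigated. Example code, not DefectDojo's own; see the assumptions in comments."""
from typing import Any

CLOSED_STATES = {"fixed", "closed", "dismissed"}  # GitHub alert states that should map to MITIGATED

# Constructed sample report: three GitHub alerts, two of them no longer open.
SAMPLE_REPORT = [
    {"number": 1, "state": "fixed"},
    {"number": 2, "state": "open"},
    {"number": 3, "state": "dismissed"},
]


def build_import_scan_fields(engagement_id: int, scan_type: str) -> dict[str, str]:
    """Form fields for POST /api/v2/import-scan/. 'active' and 'verified' are
    deliberately absent (not even False): an explicit active=True overrides the
    status the parser derives from the report, which is the bug in this issue."""
    fields = {
        "scan_type": scan_type,          # parser name on your instance (assumption)
        "engagement": str(engagement_id),
        "minimum_severity": "Info",
    }
    assert "active" not in fields and "verified" not in fields
    return fields


def expected_mitigated(report: list[dict[str, Any]]) -> dict[str, bool]:
    """Map each alert number to whether DefectDojo should show it as mitigated."""
    return {str(a["number"]): a.get("state", "open").lower() in CLOSED_STATES for a in report}


def status_mismatches(report: list[dict[str, Any]], findings: list[dict[str, Any]]) -> list[str]:
    """Return alert numbers whose imported finding contradicts the report state.
    'findings' is the result list of GET /api/v2/findings/?test=<id>; joining on
    'vuln_id_from_tool' is an assumption made for this example."""
    want = expected_mitigated(report)
    bad = []
    for f in findings:
        key = str(f.get("vuln_id_from_tool"))
        if key in want and (f["is_mitigated"] != want[key] or f["active"] == want[key]):
            bad.append(key)
    return bad


def import_report(base_url: str, api_key: str, engagement_id: int, scan_type: str, report_path: str) -> dict[str, Any]:
    """Send the report; the JSON response carries the id of the created test."""
    import requests  # imported lazily so the offline checks above need no network library
    with open(report_path, "rb") as fh:
        resp = requests.post(f"{base_url}/api/v2/import-scan/",
                             headers={"Authorization": f"Token {api_key}"},
                             data=build_import_scan_fields(engagement_id, scan_type),
                             files={"file": fh}, timeout=120)
    resp.raise_for_status()
    return resp.json()
```

Running `status_mismatches` over the findings fetched after an import is a quick regression check for this bug: any alert number it returns was imported with the wrong status.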
