[Question] What parameters do you run this operator? #85
Comments
Hi @iamhalje, at the moment I am in a test phase and have noticed multiple ways the Trivy operator parser could still be improved. I personally would try out defectDojoDoNotReactivate: true to always go forward. This could also improve performance. But I cannot recommend parameters here yet.
The main issue is that vulnerabilities that haven't been reported for a long time should be closed, but with the defectDojoCloseOldFindings parameter, all vulnerabilities are being closed, as shown in the screenshot, despite it stating "only the findings for this service will be closed." I would also like to understand how to use it conveniently in this case. As far as I understand, this situation occurs because of re-importing, not because a new engagement is created for each request.
And yes, I can retrieve all vulnerabilities with the default parameters, but to review which ones are currently active, I need to delete the product so it gets recreated and populated again. This is the situation I'm facing. I would like the flag for closing vulnerabilities to work as described. Therefore, I think I might be doing something wrong on my side. If everything is working correctly for you and this issue doesn't occur, please let me know.
Only one appeared in these tests, but it's clear that all were eventually marked as mitigated, and after 1,646 re-imports there were 0 vulnerabilities overall. That is, each new test closes all the others, even though each test has the service field specified. However, it seems that DefectDojo doesn't take this field into account.
From my point of view this is rather a DefectDojo bug than a Trivy-dojo-report-operator bug. I guess you should ask in the DefectDojo Slack channel for help, as from my understanding you are doing / understanding something wrong. I am unsubscribing here.
Yes, I don't think we can do anything here on the operator side, as we're basically just using the API as-is. The same would happen if you fed the data directly into Dojo.
Understood, thanks. I was just thinking that maybe you use it the same way and don't have this problem.
Here will be a continuation.
Question
If a single instance of the operator is running, it is assumed that we will send the required data from the entire cluster to DefectDojo. Once a vulnerability is resolved, we will not delete the product and replace it with a new data scope. Instead, we need to change the default parameters to:
defectDojoCloseOldFindings: true
defectDojoDoNotReactivate: false
However, in my case, all vulnerabilities are being closed, not just those specific to the service. This is how it looks. Maybe I'm doing something wrong, but I can't pinpoint it. Could you please advise which parameters you use and in what scenarios for this operator?
I would also like to separately ask for help from @manuel-sommer. I often see your changes related to Trivy in DefectDojo. Perhaps you’ve encountered this issue before?
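The thread above hinges on an empirical question: after a reimport for one Kubernetes service, are findings that belong to other services being mitigated too? The following script is an added example (it is neither part of trivy-dojo-report-operator nor of DefectDojo) that lets you answer that from a findings export instead of from screenshots. It assumes the JSON shape returned by DefectDojo's `GET /api/v2/findings/` endpoint (a `results` array whose items carry `service`, `is_mitigated` and `mitigated` fields) and `Token` header authentication; the sample data embedded below is constructed, with placeholder finding titles.

```python
"""Audit a DefectDojo findings export for cross-service closures.

Added example, not operator or DefectDojo code. Given the findings list
and the service name plus timestamp of one reimport, it reports findings
of *other* services that were mitigated right after that reimport. If the
list is non-empty, close_old_findings was not scoped to the service.
"""
import json
import urllib.request
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of /api/v2/findings/ (trimmed to the fields used here).
# Timestamps use an explicit "+00:00" offset; DefectDojo may emit a trailing "Z",
# which datetime.fromisoformat only accepts on Python 3.11+ (see parse_ts).
SAMPLE_FINDINGS_JSON = """
{
  "results": [
    {"id": 1, "title": "finding A in libssl", "service": "kube-system/coredns",
     "active": false, "is_mitigated": true, "mitigated": "2024-05-01T10:00:00+00:00"},
    {"id": 2, "title": "finding B in busybox", "service": "kube-system/coredns",
     "active": true, "is_mitigated": false, "mitigated": null},
    {"id": 3, "title": "finding C in glibc", "service": "default/web",
     "active": false, "is_mitigated": true, "mitigated": "2024-05-01T10:00:05+00:00"},
    {"id": 4, "title": "finding D in zlib", "service": "default/web",
     "active": false, "is_mitigated": true, "mitigated": "2024-04-20T09:00:00+00:00"}
  ]
}
"""


def load_findings(raw_json):
    """Parse the findings endpoint payload and return the result list."""
    return json.loads(raw_json)["results"]


def parse_ts(value):
    """Parse an ISO-8601 timestamp; normalise a trailing 'Z' for older Pythons."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def summarize_by_service(findings):
    """Per-service counts of active vs mitigated findings."""
    summary = defaultdict(lambda: {"active": 0, "mitigated": 0})
    for f in findings:
        key = "mitigated" if f["is_mitigated"] else "active"
        summary[f["service"] or "<none>"][key] += 1
    return dict(summary)


def cross_service_closures(findings, reimport_service, reimport_time, window_seconds=60):
    """IDs of findings from other services mitigated within window_seconds after the reimport.

    A reimport scoped to `reimport_service` should never produce hits here.
    """
    start = parse_ts(reimport_time)
    hits = []
    for f in findings:
        if f["service"] == reimport_service or not f["is_mitigated"]:
            continue
        mitigated_at = parse_ts(f["mitigated"])
        if mitigated_at is not None and 0 <= (mitigated_at - start).total_seconds() <= window_seconds:
            hits.append(f["id"])
    return hits


def fetch_findings(base_url, api_token, limit=1000):
    """Fetch live findings (assumed endpoint and auth header; not used offline)."""
    url = f"{base_url.rstrip('/')}/api/v2/findings/?limit={limit}"
    req = urllib.request.Request(url, headers={"Authorization": f"Token {api_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["results"]


if __name__ == "__main__":
    findings = load_findings(SAMPLE_FINDINGS_JSON)
    print(summarize_by_service(findings))
    # Pretend the coredns report was reimported at 10:00:00; finding 3 (default/web)
    # was mitigated five seconds later, finding 4 long before.
    print(cross_service_closures(findings, "kube-system/coredns", "2024-05-01T10:00:00+00:00"))
```

To use it against a live instance, replace the sample with `fetch_findings("https://dojo.example", token)` and pass the service name and timestamp of the reimport you are investigating (the operator logs or the DefectDojo test's created time give you the latter). Because the check compares mitigation times with a short window after a single reimport, it distinguishes the expected behaviour (only the reimported service's stale findings close) from the one described in the screenshots (everything closes), without having to delete and recreate the product.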