django-DefectDojo icon indicating copy to clipboard operation
django-DefectDojo copied to clipboard
verified publisher icon DefectDojo

Findings duplication after import more than once trivy scan reports

Open mgsilva97 opened this issue 6 months ago • 1 comments

Hi defect dojo team.

I'm using a script to import data reports to defectdojo via API. When I use this script, I have duplication on the findings. I've checked "deduplicate finds" and "Delete duplicates" but still receiving new findins when trivy report is imported for the same docker image.

Even if I use same engagements, duplicate entries are still there.

Could you please help me with this duplication entries in findings field?

I'm using v.2.47.1 ( release mode )

Thank you.

Deployment method (select with an X)

  • [ ] Docker Compose
  • [X] Kubernetes (helm installation)
  • [ ] GoDojo

mgsilva97 avatar Jun 16 '25 15:06 mgsilva97

Are you using import or reimport? Do you have an example report or screenshots to share some examples?

The Trivy Sacn is using these fields for deduplication:

"Trivy Scan": ["title", "severity", "vulnerability_ids", "cwe", "description"],

So if any of these fields changes between scans, the findings will not be seen as duplicates. This sometimes happens with the description field if it contains dynamic data such as timestamps.

When I import the same report twice in https://demo.defectdojo.org the deduplication seems to work OK.

valentijnscholten avatar Jun 17 '25 18:06 valentijnscholten