
Better separation of vulnerabilities in Tenable scan

Open WojTecH94 opened this issue 1 year ago • 5 comments

No longer aggregate different endpoints into a single vulnerability, because it complicates finding management and reporting. More info: https://github.com/DefectDojo/django-DefectDojo/discussions/9669

(2nd PR approach, because it appears that changes in xml_parser cause too many unit test failures and they have to be done separately)

WojTecH94 avatar Apr 25 '24 12:04 WojTecH94
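The two parser behaviours this PR is arguing about, as an added example that is not DefectDojo's own parser code. It takes a constructed list of per-host plugin hits (a simplified stand-in for what a Tenable export yields; the field names `plugin_id`, `host`, `port`, `protocol` and the `Finding` class are assumptions, not the project's models) and maps them onto findings both ways: the current aggregation, where one plugin hit across several hosts becomes one finding carrying a list of endpoints, and the proposed split, where each (plugin, endpoint) pair becomes its own finding.

```python
"""Added example, not DefectDojo code: aggregate-by-plugin versus
one-finding-per-endpoint mapping of scanner results.

The record layout is a constructed, simplified stand-in for what a Tenable
parser produces per plugin hit; all field names are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Finding:
    """Minimal stand-in for a DefectDojo finding (assumed shape)."""
    title: str
    severity: str
    description: str
    endpoints: list = field(default_factory=list)


# Constructed sample: one plugin (11111) seen on three host:port pairs,
# plus a second plugin (22222) on one host.
SAMPLE_HITS = [
    {"plugin_id": "11111", "title": "SSL Certificate Expiry", "severity": "Medium",
     "description": "The certificate has expired.",
     "host": "10.0.0.5", "port": 443, "protocol": "tcp"},
    {"plugin_id": "11111", "title": "SSL Certificate Expiry", "severity": "Medium",
     "description": "The certificate has expired.",
     "host": "10.0.0.6", "port": 443, "protocol": "tcp"},
    {"plugin_id": "11111", "title": "SSL Certificate Expiry", "severity": "Medium",
     "description": "The certificate has expired.",
     "host": "10.0.0.6", "port": 8443, "protocol": "tcp"},
    {"plugin_id": "22222", "title": "SSH Weak MAC Algorithms", "severity": "Low",
     "description": "Weak MAC algorithms are enabled.",
     "host": "10.0.0.5", "port": 22, "protocol": "tcp"},
]


def endpoint_of(hit):
    """Render a hit's host/port/protocol as one endpoint string."""
    return f"{hit['host']}:{hit['port']}/{hit['protocol']}"


def aggregate_by_plugin(hits):
    """Current behaviour the PR wants to drop: one finding per plugin id and
    severity, with every affected endpoint attached to that single finding."""
    findings = {}
    for hit in hits:
        key = (hit["plugin_id"], hit["severity"])
        finding = findings.get(key)
        if finding is None:
            finding = Finding(hit["title"], hit["severity"], hit["description"])
            findings[key] = finding
        endpoint = endpoint_of(hit)
        if endpoint not in finding.endpoints:
            finding.endpoints.append(endpoint)
    return list(findings.values())


def split_per_endpoint(hits):
    """Behaviour the PR proposes: one finding per (plugin, endpoint), so each
    host/port can be triaged, risk-accepted or closed on its own."""
    seen = set()
    findings = []
    for hit in hits:
        endpoint = endpoint_of(hit)
        key = (hit["plugin_id"], hit["severity"], endpoint)
        if key in seen:  # duplicate row in the export: skip it
            continue
        seen.add(key)
        findings.append(Finding(hit["title"], hit["severity"],
                                hit["description"], [endpoint]))
    return findings


if __name__ == "__main__":
    for name, mapper in (("aggregated", aggregate_by_plugin),
                         ("per-endpoint", split_per_endpoint)):
        print(f"{name}: {len(mapper(SAMPLE_HITS))} findings")
        for f in mapper(SAMPLE_HITS):
            print(f"  {f.severity:6} {f.title} -> {f.endpoints}")
```

On the constructed sample the aggregated mapping yields 2 findings and the per-endpoint mapping yields 4; the count of the second grows with the number of affected hosts, which is exactly the trade-off between easier per-host lifecycle management and a much longer report that the thread below is debating. Whichever mapping a parser uses also determines what a deduplication key can be computed from, so switching between them on an existing product should be expected to change how re-imports match earlier findings.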

Hi there :wave:, @dryrunsecurity here, below is a summary of our analysis and findings.

DryRun Security analyzer | Status | Findings
AppSec Analyzer (beta) | :white_check_mark: | 0 findings
Secrets Analyzer | :white_check_mark: | 0 findings
Authn/Authz Analyzer | :white_check_mark: | 0 findings
Configured Codepaths Analyzer | :white_check_mark: | 0 findings
Sensitive Files Analyzer | :white_check_mark: | 0 findings

[!Note] :green_circle: Risk threshold not exceeded.


dryrunsecurity[bot] avatar Apr 25 '24 12:04 dryrunsecurity[bot]

Please don't merge this! IMHO the way the parser works now is the wanted behaviour and we rely on it, and, as already mentioned, you could use the https://github.com/DefectDojo/django-DefectDojo/discussions/9669#discussioncomment-8669293 view for this use case.

lme-nca avatar Apr 26 '24 13:04 lme-nca

Here is my point of view https://github.com/DefectDojo/django-DefectDojo/discussions/9669#discussioncomment-9238369

WojTecH94 avatar Apr 26 '24 14:04 WojTecH94

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions[bot] avatar May 06 '24 17:05 github-actions[bot]

@manuel-sommer I don't think that the issue you mentioned (https://github.com/DefectDojo/django-DefectDojo/issues/10051) is a real bug TBH. I posted my explanation there. Not really connected with the discussion we have here, but thanks for asking :)

WojTecH94 avatar May 07 '24 09:05 WojTecH94

Closed as stale

mtesauro avatar Jul 31 '24 19:07 mtesauro