
Risk accepted status prevents closing after finding is fixed

Open WojTecH94 opened this issue 1 year ago • 2 comments

Bug description

When a finding has risk accepted status in DefectDojo it cannot be closed (mitigated) by a new test import (tested on the Tenable importer).

Steps to reproduce

Steps to reproduce the behavior:

  1. Import some test results
  2. Add Risk Acceptance to one of the findings in DefectDojo
  3. Remove earlier accepted finding from test results file
  4. Import modified file
  5. See that risk accepted finding is not mitigated

Expected behavior

When a risk accepted finding is fixed it should change status to "Mitigated" and the "Risk acceptance" status should (probably) be removed, because risk acceptance is no longer needed for a non-existing vulnerability.

Deployment method (select with an X)

  • [X] Docker Compose
  • [ ] Kubernetes
  • [ ] GoDojo

DefectDojo Version

Tested on: 2.35.2 and 2.37.1

WojTecH94, Aug 16 '24 10:08
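As an added example (not DefectDojo's own code), a small model of the state the report describes: an audit check that lists risk-accepted findings left unmitigated after a re-import, next to the status transition the reporter expects from "close old findings". The `Finding` fields, the `plugin-...` identifiers and the sample data are constructed; `unique_id_from_tool` stands in for whatever key the scanner uses to identify a finding.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Finding:
    """Constructed subset of finding fields relevant to the report."""
    id: int
    title: str
    unique_id_from_tool: str   # scanner-side identifier (constructed)
    active: bool
    risk_accepted: bool
    is_mitigated: bool


def stale_risk_acceptances(findings: Iterable[Finding],
                           present_ids: Iterable[str]) -> List[Finding]:
    """Findings still risk-accepted and unmitigated although the latest
    scan no longer reports them: the state the issue describes."""
    present = set(present_ids)
    return [f for f in findings
            if f.risk_accepted and not f.is_mitigated
            and f.unique_id_from_tool not in present]


def apply_expected_close(findings: Iterable[Finding],
                         present_ids: Iterable[str]) -> Dict[int, Finding]:
    """Status transition the reporter expects: anything absent from the
    new scan becomes mitigated and inactive, and a risk acceptance on a
    now-fixed finding is dropped. Findings still reported are untouched."""
    present = set(present_ids)
    result: Dict[int, Finding] = {}
    for f in findings:
        if f.unique_id_from_tool in present:
            result[f.id] = f
        else:
            result[f.id] = replace(f, active=False, is_mitigated=True,
                                   risk_accepted=False)
    return result


# Constructed sample: finding 2 was risk-accepted (risk-accepted findings
# are normally inactive), then removed from the re-imported report.
SAMPLE_FINDINGS = [
    Finding(1, "Outdated OpenSSL", "plugin-10001", True, False, False),
    Finding(2, "Weak TLS cipher", "plugin-10002", False, True, False),
    Finding(3, "Missing HSTS", "plugin-10003", True, False, False),
]
SECOND_IMPORT_IDS = ["plugin-10001"]  # 10002 and 10003 no longer reported

if __name__ == "__main__":
    for f in stale_risk_acceptances(SAMPLE_FINDINGS, SECOND_IMPORT_IDS):
        print(f"stale risk acceptance: #{f.id} {f.title}")
```

Running the check against the closed state returned by `apply_expected_close` yields an empty list, which is the condition a fixed importer should leave behind.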

@WojTecH94 I believe this was fixed in #9050

mtesauro, Aug 30 '24 21:08

@mtesauro sadly it was not fixed in version 2.38.0 :( I just tested it and risk accepted findings are not getting mitigated during a new import with the close old findings option checked.

WojTecH94, Sep 05 '24 07:09