
Upload / Reimport of reports should consider severity

Open · manuel-sommer opened this issue 3 years ago · 1 comment

Is your feature request related to a problem? Please describe

Some tools update the severity of findings. Here are some examples:

  • DependencyTrack tracks CVEs. Due to false positive reports, CVEs are closed as rejected, e.g. https://nvd.nist.gov/vuln/detail/CVE-2021-20095. Then, DependencyTrack updates the severity of these vulnerabilities to "unassigned". This is basically an "Informational" finding in DefectDojo. However, the new severity is not updated when DependencyTrack syncs the finding to DefectDojo, and the finding remains open.
  • DrHeader supports a way to set custom severities. If this changes, the severity is not updated in DefectDojo: https://github.com/Santandersecurityresearch/DrHeader/pull/170

Describe the solution you'd like

The severity is updated for all findings when they are uploaded (upload or reimport). This includes an SLA adjustment.

manuel-sommer · Aug 31 '22 10:08
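The reimport behaviour the issue asks for, sketched as an added example (this is not DefectDojo's own code or its real data model; the `Finding` class, the `SLA_DAYS` policy table, the `TOOL_SEVERITY` label mapping and the `reimport()` function are all assumptions made for the illustration). A finding is matched to its earlier import by a content hash that deliberately excludes severity, so a report line that only changed its severity still matches; the matched finding then takes the new severity and its SLA deadline is re-derived from that severity, while its identity and creation date are preserved. The walk-through uses the DependencyTrack case from the issue: a CVE first imported as High later comes back from the scanner as "unassigned", which is mapped to Info and clears the SLA clock.

```python
"""Added illustration of severity-aware reimport; not DefectDojo's own code."""
from dataclasses import dataclass
from datetime import date, timedelta
import hashlib
from typing import Optional

# Assumed SLA policy: days to remediate per severity; None means no SLA clock.
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180, "Info": None}

# Assumed mapping of tool-reported labels onto the five DefectDojo-style levels.
# "unassigned" (what the scanner reports once a CVE was rejected) becomes Info.
TOOL_SEVERITY = {
    "critical": "Critical", "high": "High", "medium": "Medium",
    "low": "Low", "info": "Info", "informational": "Info", "unassigned": "Info",
}


def normalize_severity(label: str) -> str:
    """Map a scanner's severity label to one of the five levels (or fail loudly)."""
    try:
        return TOOL_SEVERITY[label.strip().lower()]
    except KeyError:
        raise ValueError(f"unknown severity label: {label!r}")


@dataclass
class Finding:
    title: str
    ref: str            # vulnerability reference as reported by the tool
    severity: str
    created: date
    active: bool = True
    sla_expiration: Optional[date] = None

    @property
    def hash_code(self) -> str:
        # Dedup key: severity is intentionally NOT part of it, so a report line
        # whose only change is its severity still matches the earlier finding.
        return hashlib.sha256(f"{self.title}|{self.ref}".encode()).hexdigest()


def sla_expiration_for(created: date, severity: str) -> Optional[date]:
    """Deadline derived from the SLA policy; None when the level has no SLA."""
    days = SLA_DAYS[severity]
    return None if days is None else created + timedelta(days=days)


def reimport(existing: list, report: list, today: date) -> dict:
    """Merge parsed report findings into the already-imported ones.

    A matched finding keeps its identity and creation date but takes the
    report's severity, and its SLA deadline is recomputed from that severity.
    Returns a summary of what was created, changed or left as-is.
    """
    by_hash = {f.hash_code: f for f in existing}
    summary = {"created": [], "severity_changed": [], "unchanged": []}
    for new in report:
        old = by_hash.get(new.hash_code)
        if old is None:
            new.sla_expiration = sla_expiration_for(today, new.severity)
            existing.append(new)
            by_hash[new.hash_code] = new
            summary["created"].append(new.ref)
        elif old.severity != new.severity:
            summary["severity_changed"].append((old.ref, old.severity, new.severity))
            old.severity = new.severity
            # The clock still starts at the original import; only the deadline moves.
            old.sla_expiration = sla_expiration_for(old.created, new.severity)
        else:
            summary["unchanged"].append(old.ref)
    return summary


def demo():
    """Constructed walk-through: an earlier High finding is re-reported as unassigned."""
    today = date(2022, 8, 31)
    existing = [Finding("Vulnerable dependency", "CVE-2021-20095", "High", date(2022, 8, 1))]
    existing[0].sla_expiration = sla_expiration_for(existing[0].created, "High")
    # Fresh scanner export (constructed): the CVE now carries "unassigned", plus one new item.
    report = [
        Finding("Vulnerable dependency", "CVE-2021-20095", normalize_severity("unassigned"), today),
        Finding("Missing security header", "missing-csp-header", normalize_severity("medium"), today),
    ]
    summary = reimport(existing, report, today)
    return existing, summary


if __name__ == "__main__":
    findings, changes = demo()
    for f in findings:
        print(f.ref, f.severity, f.active, f.sla_expiration)
    print(changes)
```

Note that the matched finding stays active: the example only carries over the new severity and adjusts the SLA, which is what the request asks for; whether an Info-level finding should additionally be closed is a separate policy decision.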

https://github.com/DefectDojo/django-DefectDojo/issues/7728

manuel-sommer · Feb 14 '24 17:02