Fortify: Handle suppressed findings as false positives #12293

Merged

Member

@valentijnscholten valentijnscholten commented Apr 22, 2025

Fixes #12200

Description
Fortify FPR artifacts can contain an additional audit.xml file which contains audit/triage data made by users. One possible outcome is that vulnerabilities are suppressed. These are now marked as False Positive (and active=False) in DefectDojo.
These vulnerabilities typically have comments in the audit.xml. These are added to the impact field.

Test results
Added unit test.

Documentation
Added note to existing docs.

Checklist

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.
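
The behaviour described in this PR, sketched as an added example; it is not the DefectDojo parser's own code. The audit.xml namespace, the element and attribute names, the instance IDs and the finding dictionary keys are assumptions, and the sample data is constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Assumed namespace and element/attribute names for audit.xml (not given on the page).
NS = {"a": "xmlns://www.fortify.com/schema/audit"}

# Constructed sample audit.xml: one suppressed issue with a comment, one untouched.
SAMPLE_AUDIT = """<ns2:Audit xmlns:ns2="xmlns://www.fortify.com/schema/audit">
  <ns2:IssueList>
    <ns2:Issue instanceId="AAA111" suppressed="true">
      <ns2:ThreadedComments><ns2:Comment>
        <ns2:Content>Input is validated upstream</ns2:Content>
        <ns2:Username>analyst1</ns2:Username>
      </ns2:Comment></ns2:ThreadedComments>
    </ns2:Issue>
    <ns2:Issue instanceId="BBB222" suppressed="false"/>
  </ns2:IssueList>
</ns2:Audit>"""

def build_sample_fpr():
    """Build a constructed FPR (a zip archive) holding only audit.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("audit.xml", SAMPLE_AUDIT)
    return buf.getvalue()

def read_audit(fpr_bytes):
    """Map instanceId -> (suppressed, [comments]); empty if audit.xml is absent."""
    with zipfile.ZipFile(io.BytesIO(fpr_bytes)) as zf:
        if "audit.xml" not in zf.namelist():
            return {}
        root = ET.fromstring(zf.read("audit.xml"))
    audit = {}
    for issue in root.iterfind(".//a:Issue", NS):
        suppressed = (issue.get("suppressed") or "").lower() == "true"
        comments = [f"{c.findtext('a:Username', '', NS)}: {c.findtext('a:Content', '', NS)}"
                    for c in issue.iterfind(".//a:Comment", NS)]
        audit[issue.get("instanceId")] = (suppressed, comments)
    return audit

def apply_audit(findings, audit):
    """Mark suppressed findings false positive and inactive; put comments in impact."""
    for f in findings:
        suppressed, comments = audit.get(f["instance_id"], (False, []))
        if suppressed:
            f["false_p"], f["active"] = True, False
        if comments:
            f["impact"] = "\n".join(comments)
    return findings
```

The standard-library XML parser keeps the example dependency-free; for scan files uploaded by users, a hardened parser such as defusedxml is the safer choice.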


dryrunsecurity bot commented Apr 22, 2025

DryRun Security

No security concerns detected in this pull request.


All finding details can be found in the DryRun Security Dashboard.

@Maffooch Maffooch added this to the 2.45.3 milestone Apr 22, 2025
Contributor

@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit 76c63d3 into DefectDojo:bugfix Apr 24, 2025
78 checks passed
5 participants