🎉 add Trivy misconfiguration fields #14136 #14139

Merged
rossops merged 2 commits into DefectDojo:bugfix from manuel-sommer:issue_14136
Jan 26, 2026

@manuel-sommer
Contributor

@manuel-sommer manuel-sommer commented Jan 21, 2026

@DeD1rk DeD1rk left a comment

I'm not too familiar with defectdojo and trivy internals but this seems right to me :)

@valentijnscholten
Member

This affects deduplication, but there's not much we can do about it.

  • Future imports/findings will have better deduplication
  • Existing findings might not be matched in future imports because the currently existing findings do not have the extra vulnerability_id / file_path values.
    Put a note in the upgrade notes to make users aware?

@valentijnscholten valentijnscholten added this to the 2.54.3 milestone Jan 21, 2026
@mtesauro
Contributor

> This affects deduplication, but there's not much we can do about it.
>
> * Future imports/findings will have _better_ deduplication
>
> * Existing findings might not be matched in future imports because the currently existing findings do not have the extra vulnerability_id / file_path values.
>   Put a note in the upgrade notes to make users aware?

Yeah, that's probably the best we can do. I do agree that this is better for future imports / dedups.
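
The matching gap discussed in the two comments above, as an added example that is not part of this pull request or DefectDojo's own code. It assumes deduplication compares a hash over a fixed field list that includes vulnerability_id and file_path; the field list, function names and sample findings are constructed for illustration.

```python
import hashlib

# Assumed key fields for illustration; the real per-scanner list is not on this page.
LEGACY_FIELDS = ("title", "severity")
NEW_FIELDS = ("vulnerability_id", "file_path")
KEY_FIELDS = LEGACY_FIELDS + NEW_FIELDS

def dedup_key(finding, fields=KEY_FIELDS):
    """SHA-256 over the chosen fields; a missing value hashes as an empty string."""
    parts = [str(finding.get(name) or "") for name in fields]
    return hashlib.sha256("\x1f".join(parts).encode()).hexdigest()

def reconcile(existing, incoming):
    """Sort incoming findings into matched / legacy_only / new."""
    by_full = {dedup_key(f) for f in existing}
    # Stored findings written before the parser change lack the new fields.
    by_legacy = {
        dedup_key(f, LEGACY_FIELDS)
        for f in existing
        if not any(f.get(name) for name in NEW_FIELDS)
    }
    result = {"matched": [], "legacy_only": [], "new": []}
    for f in incoming:
        if dedup_key(f) in by_full:
            result["matched"].append(f)
        elif dedup_key(f, LEGACY_FIELDS) in by_legacy:
            # Same issue as a pre-upgrade finding, but the full key no longer matches.
            result["legacy_only"].append(f)
        else:
            result["new"].append(f)
    return result

# Constructed sample data: one finding stored by the old parser, one by the new.
EXISTING = [
    {"title": "Root user in image", "severity": "High"},
    {"title": "Privileged container", "severity": "High",
     "vulnerability_id": "EXAMPLE-0002", "file_path": "k8s/deploy.yaml"},
]
INCOMING = [
    {"title": "Root user in image", "severity": "High",
     "vulnerability_id": "EXAMPLE-0001", "file_path": "app/Dockerfile"},
    {"title": "Root user in image", "severity": "High",
     "vulnerability_id": "EXAMPLE-0001", "file_path": "worker/Dockerfile"},
    {"title": "Privileged container", "severity": "High",
     "vulnerability_id": "EXAMPLE-0002", "file_path": "k8s/deploy.yaml"},
    {"title": "Missing HEALTHCHECK", "severity": "Low",
     "vulnerability_id": "EXAMPLE-0003", "file_path": "app/Dockerfile"},
]
```

The `legacy_only` bucket holds the findings that would reappear as unmatched after the upgrade; the two Dockerfile entries also show why the old key could not tell separate files apart.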

@mtesauro mtesauro left a comment

Approved

@github-actions github-actions bot added the docs label Jan 22, 2026
@manuel-sommer
Contributor Author

Done, added release notes @valentijnscholten

@rossops rossops merged commit c9f6a63 into DefectDojo:bugfix Jan 26, 2026
91 checks passed
@manuel-sommer manuel-sommer deleted the issue_14136 branch January 26, 2026 16:04
Maffooch pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 16, 2026
Development

Successfully merging this pull request may close these issues.

Trivy parser doesn't parse vulnerability_ids and file_path for misconfigurations
