Is it possible for the tool to change the status of all findings that are duplicates? E.g. I have the following workflow:
Code is pushed by multiple developers for a product.
Each pipeline creates an engagement and uploads scan files.
The tool manages to detect duplications, so every new engagement with the same vulnerabilities sets findings as Inactive and Duplicates.
It would be nice if, when the original or any of the duplicate findings is mitigated (Mitigated, False positive accepted), the status were "depicted" to all duplicates.
This would be useful when developers mitigate a vulnerability "externally", run their pipeline again and re-import the scan file, which might now have the vulnerability marked as solved/suppressed or whatever. Since this could run in the pipeline that contained the duplicate, this would change the status of the duplicate (which was inactive) but leave the original unchanged (which could be "Active"), leading to inconsistencies in the findings and the tools.