DefectDojo Integration: Reimport Logic

[sNiXx]

I just recently set up the DefectDojo integration (using the API instead of the manual UI steps, as described here) and was surprised to see that Dependency-Track triggers reimports independent of underlying changes.

In my test case, I added a vulnerability and Dependency-Track sent a request to DefectDojo every 60 minutes (as configured) without any changes in the dependency list, severity and so on. With an increasing number of components, this would cause a lot of unnecessary traffic and increase the number of reimports over time without any added value.

Is this expected behavior or am I missing anything?

[cpriyakant]

Yes this needs to be implemented, If there is no changes in component and vulnerabilities.