Skip to content

🎉 add Trivy misconfiguration fields #14136 #14139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
manuel-sommer wants to merge 2 commits into
base: bugfix
Choose a base branch
from
Open

🎉 add Trivy misconfiguration fields #14136 #14139

manuel-sommer wants to merge 2 commits into from
+151 −25

Conversation

@manuel-sommer
Copy link
Contributor

@manuel-sommer manuel-sommer commented Jan 21, 2026
edited
Loading

DeD1rk
DeD1rk approved these changes Jan 21, 2026
View reviewed changes
Copy link

@DeD1rk DeD1rk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not too familiar with defectdojo and trivy internals but this seems rigth to me :)

@valentijnscholten
Copy link
Member

valentijnscholten commented Jan 21, 2026

This affects deduplication, but there's not much we can do about it.

  • Future imports/findings will have better deduplication
  • Existing findings might not be matched in future imports because the currently existing finding do not have the extra vulnerability_id / file_path values.
    Put a not in the upgrade notes to make users aware?

@valentijnscholten valentijnscholten added this to the 2.54.3 milestone Jan 21, 2026
@valentijnscholten valentijnscholten linked an issue Jan 21, 2026 that may be closed by this pull request
Trivy parser doesn't parse vulnerability_ids and file_path for misconfigurations #14136
Open
3 tasks
@mtesauro
Copy link
Contributor

mtesauro commented Jan 22, 2026

This affects deduplication, but there's not much we can do about it.

* Future imports/findings will have _better_ deduplication

* Existing findings might not be matched in future imports because the currently existing finding do not have the extra vulnerability_id / file_path values.
  Put a not in the upgrade notes to make users aware?

Yeah, that's probably the best we can do. I do agree that this is better for future imports / dedups.

mtesauro
mtesauro approved these changes Jan 22, 2026
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@github-actions github-actions bot added the docs label Jan 22, 2026
@manuel-sommer
Copy link
Contributor Author

manuel-sommer commented Jan 22, 2026

Done, added release notes @valentijnscholten

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro mtesauro approved these changes

@Maffooch Maffooch Maffooch approved these changes

@valentijnscholten valentijnscholten Awaiting requested review from valentijnscholten

@Jino-T Jino-T Awaiting requested review from Jino-T

+1 more reviewer

@DeD1rk DeD1rk DeD1rk approved these changes

Reviewers whose approvals may not affect merge requirements

At least 4 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

docs parser unittests

Projects

None yet

Milestone

2.54.3

Development

Successfully merging this pull request may close these issues.

Trivy parser doesn't parse vulnerability_ids and file_path for misconfigurations

5 participants

@manuel-sommer @valentijnscholten @mtesauro @DeD1rk @Maffooch