Question about "Close old findings within this engagement." - unique closed findings? #11730
Replies: 3 comments 2 replies
-
|
Hi @Whitehorse2 , |
Beta Was this translation helpful? Give feedback.
-
|
@Whitehorse2 Have you tried using reimport? For reoccurring scans it might the better option as it creates less "noise" by avoiding duplicate findings or lots of closed "old" findings. It is still affected by the "line number" issue described by @manuel-sommer, but it might still be beneficial to try it out: https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/avoiding_duplicates_via_reimport/ |
Beta Was this translation helpful? Give feedback.
-
|
@manuel-sommer Isn't this currently also a problem if, for example, a dynamic port number changes in the description? @valentijnscholten |
Beta Was this translation helpful? Give feedback.
-
|
Reimport does track its history where you can see how many / which findings where added/closed over time. But is indeed not possible to view an exact snapshot from the past. Might be a good feature request to raise :-) |
Beta Was this translation helpful? Give feedback.
-
|
Indeed if the line number or port number changes and there is no other (unique) way to identify findings/endpoints, then Defect Dojo will not be able to match the old and new situation. |
Beta Was this translation helpful? Give feedback.
-
So far, if several scans have been performed in one engagement with the same findings, some have been closed with the "Close old findings within this engagement." option after being fixed.
If several scans in a row contain the same findings, the findings from each scan are later counted as Closed Findings. This is actually correct, but also causes misinterpretations.
I would also need an overview and statistics with the unique closed vulnerabilities, is that already possible or perhaps worth a feature request?
Beta Was this translation helpful? Give feedback.
All reactions