| unknown | True | False | False ||use default value for active which is usually True |
12
-
| not_affected | False | True | True |True |false positive is the most appropriate status for not affected as out of scope might be interpreted as something else |
| fixed | True | True | False ||fixed in this context means that there is a fix available by patching/updating/upgrading the package but it's still active and verified |
15
-
| under_investigation | True | False | False ||no status flag in Defect Dojo to capture this, but verified is False |
16
-
| will_not_fix | True | True | False ||no different from affected as Defect Dojo doesn't have a flag to capture will_not_fix by OS/Package Vendor; we can't set active to False as the user needs to risk accept this finding |
17
-
| fix_deferred | True | True | False ||no different from affected as Defect Dojo doesn't have a flag to capture will_not_fix by OS/Package Vendor; we can't set active to False as the user needs to (temporarily) risk accept this finding |
18
-
| end_of_life | True | True | False | | no different from affected as Defect Dojo doesn't have a flag to capture will_not_fix by OS/Package Vendor; we can't set active to False as the user needs to (temporarily) risk accept
9
+
| Trivy Status | Active | Verified | Mitigated | Remarks |
| unknown | True | False | False | use default value for active which is usually True |
12
+
| not_affected | False | True | True | false positive is the most appropriate status for not affected as out of scope might be interpreted as something else |
13
+
| affected | True | True | False | standard case |
14
+
| fixed | True | True | False | fixed in this context means that there is a fix available by patching/updating/upgrading the package but it's still active and verified |
15
+
| under_investigation | True | False | False | no status flag in Defect Dojo to capture this, but verified is False |
16
+
| will_not_fix | True | True | False | no different from affected as Defect Dojo doesn't have a flag to capture will_not_fix by OS/Package Vendor; we can't set active to False as the user needs to risk accept this finding |
17
+
| fix_deferred | True | True | False | no different from affected as Defect Dojo doesn't have a flag to capture will_not_fix by OS/Package Vendor; we can't set active to False as the user needs to (temporarily) risk accept this finding |
18
+
| end_of_life | True | True | False | no different from affected as Defect Dojo doesn't have a flag to capture will_not_fix by OS/Package Vendor; we can't set active to False as the user needs to (temporarily) risk accept
19
19
20
20
The status field contains the status as assigned by the OS/Package vendor such as Red Hat, Debian, etc.
21
-
It is recommended to assess the appropriate action in your Product's context
21
+
It is recommended to assess the appropriate action in your Product's context.
22
22
If you want to exclude certain status from being imported into Defect Dojo, please [filter them in the export from Trivy](https://trivy.dev/latest/docs/configuration/filtering/)
23
23
24
24
### Sample Scan Data
25
-
Sample Trivy scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/trivy).
25
+
Sample Trivy scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/trivy)
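Review bot: the end_of_life row (new line 18, `| end_of_life | True | True | False | ... risk accept`) is truncated: the remark stops at "risk accept" with no "this finding" and no closing `|`, unlike the fix_deferred row directly above it, so the last cell renders differently from the rest of the table; suggest ending it `... risk accept this finding |`. The fix_deferred and end_of_life remarks also still say Defect Dojo has no flag to capture `will_not_fix`, which reads as a copy-paste from the will_not_fix row; each remark should name its own status (fix_deferred, end_of_life). Finally, the hunk adds a period to "It is recommended to assess the appropriate action in your Product's context." but removes the one from "Sample Trivy scans can be found [here](...)"; keep both sentences punctuated the same way.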