Set unique_id_from_tool from matrix field in Dependency Track parser

samiat4911 · samiat4911 · commit 6e5e1f916cea · 2026-02-24T14:42:57.000+01:00
diff --git a/dojo/tools/dependency_track/parser.py b/dojo/tools/dependency_track/parser.py
@@ -230,6 +230,7 @@ def _convert_dependency_track_finding_to_dojo_finding(self, dependency_track_fin
             component_version=component_version,
             file_path=file_path,
             vuln_id_from_tool=vuln_id_from_tool,
+            unique_id_from_tool=dependency_track_finding.get("matrix"),
             static_finding=True,
             dynamic_finding=False)
 
diff --git a/unittests/tools/test_dependency_track_parser.py b/unittests/tools/test_dependency_track_parser.py
@@ -54,6 +54,10 @@ def test_dependency_track_parser_has_one_finding(self):
             parser = DependencyTrackParser()
             findings = parser.get_findings(testfile, Test())
             self.assertEqual(1, len(findings))
+            self.assertEqual(
+                "ca4f2da9-0fad-4a13-92d7-f627f3168a56:b815b581-fec1-4374-a871-68862a8f8d52:115b80bb-46c4-41d1-9f10-8a175d4abb46",
+                findings[0].unique_id_from_tool,
+            )
 
     def test_dependency_track_parser_v3_8_0(self):
         with (
@@ -64,6 +68,7 @@ def test_dependency_track_parser_v3_8_0(self):
             self.assertEqual(9, len(findings))
             self.assertTrue(all(item.file_path is not None for item in findings))
             self.assertTrue(all(item.vuln_id_from_tool is not None for item in findings))
+            self.assertTrue(all(item.unique_id_from_tool is not None for item in findings))
 
     def test_dependency_track_parser_findings_with_alias(self):
         with (
@@ -75,6 +80,7 @@ def test_dependency_track_parser_findings_with_alias(self):
             self.assertEqual(12, len(findings))
             self.assertTrue(all(item.file_path is not None for item in findings))
             self.assertTrue(all(item.vuln_id_from_tool is not None for item in findings))
+            self.assertTrue(all(item.unique_id_from_tool is not None for item in findings))
             self.assertIn("CVE-2022-42004", findings[0].unsaved_vulnerability_ids)
 
     def test_dependency_track_parser_findings_with_empty_alias(self):
@@ -94,6 +100,7 @@ def test_dependency_track_parser_findings_with_cvssV3_score(self):
         self.assertEqual(12, len(findings))
         self.assertTrue(all(item.file_path is not None for item in findings))
         self.assertTrue(all(item.vuln_id_from_tool is not None for item in findings))
+        self.assertTrue(all(item.unique_id_from_tool is not None for item in findings))
         self.assertIn("CVE-2022-42004", findings[0].unsaved_vulnerability_ids)
         self.assertEqual(8.3, findings[0].cvssv3_score)
 
