Bug description
When importing a BlackDuck Binary Analysis CSV report, the vuln_id_from_tool field gets populated with the CVE, but not the vulnerability_id field as it is not set.
|
vuln_id_from_tool=str(cve), |
Steps to reproduce
Steps to reproduce the behavior:
- Import a BlackDuck Binary Analysis CSV report
- In the findings, the
Vuln ID from tool shows the CVE of the finding, but the Vulnerability Id is empty
Expected behavior
Expected behavior would be that also the Vulnerability Id contains the CVE (for de-duplication etc.)
Deployment method (select with an X)
Environment information
- DefectDojo version:
2.38.4
Sample scan files
The problem can be reproduced with the scan test files for BlackDuck Binary Analysis https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck_binary_analysis
Screenshots
With the one_vuln.csv scan:
Bug description
When importing a BlackDuck Binary Analysis CSV report, the
vuln_id_from_toolfield gets populated with the CVE, but not thevulnerability_idfield as it is not set.django-DefectDojo/dojo/tools/blackduck_binary_analysis/parser.py
Line 93 in 924c2c8
Steps to reproduce
Steps to reproduce the behavior:
Vuln ID from toolshows the CVE of the finding, but theVulnerability Idis emptyExpected behavior
Expected behavior would be that also the
Vulnerability Idcontains the CVE (for de-duplication etc.)Deployment method (select with an
X)Environment information
2.38.4Sample scan files
The problem can be reproduced with the scan test files for BlackDuck Binary Analysis https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck_binary_analysis
Screenshots
With the one_vuln.csv scan:
