[Owasp_defectdojo_project] DefectDojo De-duplication of Findings
greg.anderson at owasp.org
Fri Jul 29 20:52:44 UTC 2016
Should this be in core?
I think so, but I'm also not sure I could reasonably do this as a plugin
because it touches so many things:
*Okay the details:*
A big item that Pearson needs for Dojo is de-duplication of findings. This
is something that ThreadFix does that dojo does not. The idea is that you
can upload multiple scans and Dojo will automatically try to remove
duplicates. How I was thinking of implementing this was adding a ManytoMany
relationship to Engagements with a new model called VettedFindings. The
engagement would hold a list of findings that would be compared when new
ones are added. If a match doesn't exist it would be added to the list
rather than being filtered on the fly. I think this would be best for
performance. However, it has far reaching impact on the metrics, e.g. all
findings filters would have to be replaced with vettedfinding filters
(although they would be identical).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp_defectdojo_project