Skip to content

🎉 Add fix_available to Trivy #13057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 29, 2025
Merged

🎉 Add fix_available to Trivy #13057

merged 2 commits into from
Aug 29, 2025

Conversation

manuel-sommer
Copy link
Contributor

@manuel-sommer manuel-sommer mentioned this pull request Aug 26, 2025
Closed
mtesauro
mtesauro approved these changes Aug 26, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

valentijnscholten
valentijnscholten reviewed Aug 27, 2025
View reviewed changes
Copy link
Member

@valentijnscholten valentijnscholten left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this idea of populating the fix_available field in ways like this. Would it be helpful/needed to add to each parser doc how the field is populated? I remember a PR that was documenting for some parsers which fields from the report were parsed and how they were mapped. We could use AI to complete this for all parsers and then keep it up-to-date with parser changes?
Or even without that we could start adding a line to the docs of the parsers that set fix_available to indicate how the parsers decides on the value of the field? This is especially valuable if the value is derived from other fields or based on text matching of another field.

@valentijnscholten valentijnscholten added this to the 2.50.0 milestone Aug 27, 2025
valentijnscholten
valentijnscholten reviewed Aug 28, 2025
View reviewed changes
Copy link
Member

@valentijnscholten valentijnscholten left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should these fix_available PRs have a migration to set the field for existing findings?
Should they be combined into one PR to make it manageable for thsi release?

@manuel-sommer
Copy link
Contributor Author

I guess they don't need a migration as reimport with this PR #12922 will take care of this earlier or later
I intentionally splitted these into multiple MRs to make review easier / faster. This would provide a chance for some parsers to get merged if other parsers would be delayed because of review recommendations.

valentijnscholten
valentijnscholten requested changes Aug 28, 2025
View reviewed changes
Copy link
Member

@valentijnscholten valentijnscholten left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lots of people are using import and will have lots of existing findings. But I'm OK to keep it simple for now.
But I do think we need to add a line to the docs.

@github-actions github-actions bot added the docs label Aug 28, 2025
@valentijnscholten valentijnscholten merged commit 64e1754 into DefectDojo:bugfix Aug 29, 2025
87 checks passed
@manuel-sommer manuel-sommer deleted the trivy_fix_available branch August 30, 2025 19:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro mtesauro approved these changes

@valentijnscholten valentijnscholten valentijnscholten approved these changes

@Maffooch Maffooch Maffooch approved these changes

@Jino-T Jino-T Jino-T approved these changes

Assignees

No one assigned

Labels

docs parser unittests

Projects

None yet

Milestone

2.50.0

Development

Successfully merging this pull request may close these issues.

5 participants

@manuel-sommer @mtesauro @valentijnscholten @Maffooch @Jino-T