From faf74aa3f8a95065023274d015879f287ad37c8a Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Tue, 26 Aug 2025 09:49:17 +0200
Subject: [PATCH 1/2] :tada: Add fix_available to Trivy

---
 dojo/tools/trivy/parser.py | 7 +++++++
 unittests/tools/test_trivy_parser.py | 1 +
 2 files changed, 8 insertions(+)

diff --git a/dojo/tools/trivy/parser.py b/dojo/tools/trivy/parser.py
index bac175cb365..66b29120acf 100644
--- a/dojo/tools/trivy/parser.py
+++ b/dojo/tools/trivy/parser.py
@@ -289,6 +289,9 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
 package_version = vuln.get("InstalledVersion", "")
 references = "\n".join(vuln.get("References", []))
 mitigation = vuln.get("FixedVersion", "")
+ fix_available = True
+ if mitigation == "":
+ fix_available = False
 impact = vuln.get("Status", "")
 status_fields = self.convert_trivy_status(vuln.get("Status", ""))
 cwe = int(vuln["CweIDs"][0].split("-")[1]) if len(vuln.get("CweIDs", [])) > 0 else 0
@@ -317,6 +320,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
 cvssv3_score=cvssv3_score,
 static_finding=True,
 dynamic_finding=False,
+ fix_available=fix_available,
 tags=[vul_type, target_class],
 service=service_name,
 **status_fields,
@@ -370,6 +374,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
 references=references,
 description=description,
 mitigation=misc_resolution,
+ fix_available=True,
 static_finding=True,
 dynamic_finding=False,
 tags=[target_type, target_class],
@@ -402,6 +407,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
 line=secret_start_line,
 static_finding=True,
 dynamic_finding=False,
+ fix_available=True,
 tags=[target_class],
 service=service_name,
 )
@@ -435,6 +441,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
 url=license_link,
 static_finding=True,
 dynamic_finding=False,
+ fix_available=True,
 tags=[target_class],
 service=service_name,
 )
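Review bot: In the first hunk, `fix_available = True` followed by `if mitigation == "": fix_available = False` only recognises an absent key: `vuln.get("FixedVersion", "")` returns `None` for a report that carries an explicit `"FixedVersion": null`, `None == ""` is false, and the vulnerability would then be flagged as fixable with an empty mitigation. `fix_available = bool(mitigation)` covers the missing, empty and null cases in one line and states the intent directly. get_result_items starts and ends outside the hunk.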
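Review bot: The misconfiguration, secret and license findings in the `@@ -370`, `@@ -402` and `@@ -435` hunks pass `fix_available=True` unconditionally, which is not derived from any field of the Trivy result and does not follow the rule the first hunk applies to vulnerabilities, so any filtering or reporting on fix_available will treat every secret and license finding as fixable. For the misconfiguration hunk the same derivation is available from the line directly above it (`mitigation=misc_resolution`): `fix_available=bool(misc_resolution)`. For secrets and licenses no resolution value is visible in these hunks, so either leave the field unset there or add a comment stating why it is hard-coded, e.g. `# Trivy reports no fix version for secrets/licenses; treated as always addressable`. get_result_items starts and ends outside these hunks.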
diff --git a/unittests/tools/test_trivy_parser.py b/unittests/tools/test_trivy_parser.py
index 05c701e7f44..0ae377d33e6 100644
--- a/unittests/tools/test_trivy_parser.py
+++ b/unittests/tools/test_trivy_parser.py
@@ -71,6 +71,7 @@ def test_scheme_2_many_vulns(self):
 self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", finding.cvssv3)
 self.assertTrue(finding.static_finding)
 self.assertFalse(finding.dynamic_finding)
+ self.assertTrue(finding.fix_available)
 
 def test_misconfigurations_and_secrets(self):
 with sample_path("misconfigurations_and_secrets.json").open(encoding="utf-8") as test_file:
From b159f1bdb34a7ddcb9a4b71f97d5502bcd419ef9 Mon Sep 17 00:00:00 2001
From: Manuel Sommer
Date: Thu, 28 Aug 2025 18:01:42 +0200
Subject: [PATCH 2/2] review

---
 docs/content/en/connecting_your_tools/parsers/file/trivy.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/content/en/connecting_your_tools/parsers/file/trivy.md b/docs/content/en/connecting_your_tools/parsers/file/trivy.md
index b8add19d8e8..f70dc65c618 100644
--- a/docs/content/en/connecting_your_tools/parsers/file/trivy.md
+++ b/docs/content/en/connecting_your_tools/parsers/file/trivy.md
@@ -32,3 +32,6 @@ By default, DefectDojo identifies duplicate Findings using these [hashcode field
 - vulnerability ids
 - cwe
 - description
+
+### Field fix_available
+In case a mitigation is available, then field 'fix_available' is set to True.
\ No newline at end of file
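Review bot: The added `self.assertTrue(finding.fix_available)` pins only the positive path; nothing in the test change exercises a vulnerability without a `FixedVersion`, which is the case the new parser branch (`fix_available = False`) exists for, so a regression there would still pass the suite. Add `self.assertFalse(finding.fix_available)` on a finding parsed from a sample entry that has no `FixedVersion`, and assert the value on a misconfiguration or secret finding in `test_misconfigurations_and_secrets` so the hard-coded `True` in those code paths is covered as well. test_scheme_2_many_vulns starts outside the hunk.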