Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug - Finding Groups remain after deleting Findings - no API delete operation #11327

Open
1 of 3 tasks
testaccount90009 opened this issue Nov 25, 2024 · 0 comments
Open
1 of 3 tasks
Labels

Comments

@testaccount90009
Copy link
Contributor

testaccount90009 commented Nov 25, 2024

Hello,

There does not appear to be housekeeping for older Findings in DefectDojo to be cleaned up at a regular interval. Some CVEs get reclassified, changed description, etc.. but the group remains even though the Finding has changed and the v1 has 'Closed' in favor of the v2 after it's reclassified/updated.

The problem is, when I set a threshold to delete old findings -- the finding_group never is cleaned up.

I have attempted both the '/metadata' and the 'findings/metadata' calls with no success. I am using the https://demo.defectdojo.org/api/v2/oa3/swagger-ui/ Swagger UI APIv3 documentation and the (/api/v2/ endpoint).

How can I delete finding_groups that I no longer want around? I understand they are a 'thin wrapper for a set of Findings', but I should still be able to delete the finding_groups that are no longer containing any Findings.

In theory, DefectDojo would automatically remove a Finding Group if there are no Findings present in the group. How can I accomplish this?

Thanks

Steps to reproduce the behavior:

  1. Delete Findings through the API.
  2. Finding Group remains with 0 Findings.

Expected behavior
Some kind of if finding_group = 0 then delete function to help with housekeeping.

Deployment method (select with an X)

  • Docker Compose
  • Kubernetes
  • GoDojo

Environment information

  • Operating System: [e.g. Ubuntu 18.04]
  • DefectDojo version (see footer) or commit message: [use git show -s --format="[%ci] %h: %s [%d]"]

Logs
Use docker compose logs (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).

Sample scan files
If applicable, add sample scan files to help reproduce your problem.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context (optional)
Add any other context about the problem here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant