Some scanners ship a lot of findings, especially scanners which detect vulnerabilities as an agent on enrolled machines (e.g. Wazuh, MS Defender or Checkov over a shared infrastructure).
These findings are then uploaded to one destination inside DefectDojo. It would be nice if the upload (import or reimport) would have an option to filter out results (e.g. Team ABC). Then, the result could be uploaded to different Engagements with different filters and the access could be managed on team level.
This would bring the benefit that these findings are not visible to a huge community and are also easier to manage.
A second scenario is that e.g. Harbor also detects findings which can't be remediated yet as there is no fix present. This could also be adjusted with a filter. Some teams would like to see these results to have a total overview of the security of their application, but some teams would not like to get these results as they only want to focus on issues they can remediate and see them as false positives.
As multiple stakeholders (see linked examples) rely on this feature, I would be happy if you could bring this into consideration again among the maintainers, to see if it is possible to approve this feature before 3.X. Especially because there is no clear release date for 3.X and because it sounds like it will not happen in the next month. If this is possible, I would go for a PR to help here. I would like to improve multiple parsers to fine-tune the behavior based on different use cases.