Update Burp Scan to use Hashcode Dedupe #11419
base: bugfix
Approved
Why file_path if this is DAST/endpoint?
DryRun Security Summary

The pull request aims to enhance DefectDojo's handling of Burp Scan findings by updating SAML attribute mapping and implementing a specific deduplication algorithm for the Burp Scan parser.

Summary: The code changes in this pull request are focused on improving the handling and integration of findings from the Burp Scan parser in the DefectDojo application. The changes involve updating the

These changes are relevant from an application security perspective, as they suggest that the DefectDojo application is integrating with a SAML-based authentication system and processing findings from the Burp Scan tool, which is a common source of security vulnerability data for web applications. The use of the

Files Changed:

These changes are focused on improving the handling and integration of findings from the Burp Scan parser, which is a common source of security vulnerability data for web applications.

Code Analysis

We ran
Excellent question. I was only paying attention to what items were available/listed in the scanner test files. I updated to remove file_path.
[sc-9358]
Update Burp scan to use hashcode deduplication (versus legacy). Fields of relevance are title, file_path, severity, and vuln_id_from_tool.
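
A simplified model of hashcode deduplication over the fields discussed in this PR, added here as an example; it is not DefectDojo's code, and the function names, the separator and the sample findings are assumptions. It leaves endpoint matching out, and shows that file_path changes nothing for findings that carry no file path, while keeping severity in the hash makes a re-rated issue count as a new finding.

```python
import hashlib

# Field lists from the PR discussion: as first proposed, and after file_path was dropped.
FIELDS_PROPOSED = ["title", "file_path", "severity", "vuln_id_from_tool"]
FIELDS_REVISED = ["title", "severity", "vuln_id_from_tool"]


def hash_code(finding, fields):
    """SHA-256 over the selected field values (simplified model, see lead-in)."""
    # Missing or None fields contribute an empty string; the separator keeps
    # ("ab", "c") distinct from ("a", "bc").
    parts = [str(finding.get(f) or "").strip() for f in fields]
    return hashlib.sha256("\x1f".join(parts).encode("utf-8")).hexdigest()


def dedupe(findings, fields):
    """Return (unique, duplicates); the first finding seen for a hash wins."""
    seen, unique, duplicates = {}, [], []
    for finding in findings:
        h = hash_code(finding, fields)
        if h in seen:
            duplicates.append((finding, seen[h]))
        else:
            seen[h] = finding
            unique.append(finding)
    return unique, duplicates


# Constructed sample findings shaped like DAST output: an endpoint, no file_path.
SCAN_1 = [
    {"title": "Cross-site scripting (reflected)", "severity": "High",
     "vuln_id_from_tool": "2097920", "endpoint": "https://app.example/search"},
    {"title": "Strict transport security not enforced", "severity": "Low",
     "vuln_id_from_tool": "16777984", "endpoint": "https://app.example/"},
]
SCAN_2 = [
    dict(SCAN_1[0]),                     # same issue reported by a second import
    dict(SCAN_1[1], severity="Medium"),  # same issue, severity re-rated
]


def run(fields):
    """Deduplicate both imports together; return (unique count, duplicate count)."""
    unique, duplicates = dedupe(SCAN_1 + SCAN_2, fields)
    return len(unique), len(duplicates)


if __name__ == "__main__":
    print("proposed fields:", run(FIELDS_PROPOSED))
    print("revised fields: ", run(FIELDS_REVISED))
```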