Replies: 1 comment 2 replies
-
|
Maybe I've been using DefectDojo wrong (I'm still setting it up properly) - I thought it was the intention to have individual assessments as individual tests, but to have the findings deduplicated by DefectDojo so that when you view the product as a whole you have a concrete list of findings? Please do tell me if I'm wrong! I can see the sense in wanting to reduce the number of tests if you review them individually. It could potentially also provision a test as it does now, but then store that ID on the project properties and use reimport if the ID is present. |
Beta Was this translation helpful? Give feedback.
-
|
You're probably right about typical usage, but the de-duplication strategy doesn't work for me so I have not enabled it. I'm less worried about point-in-time results than current results if that makes sense. |
Beta Was this translation helpful? Give feedback.
-
|
You're right both. The 2 strategies are ok. I mean users use both and DefectDojo support both use cases. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I just tested the Defect Dojo integration with one DTrack project and though the set up was easy, the behavior was unexpected.
The Synchronization step creates a new Test in the Engagement for every cadence iteration. This behavior would lead to an unusably large number of tests.
@alitheg --
I propose instead of the integration using an Engagement ID it uses a provisioned Test ID and Defect Dojo's reimport API so the results of the single test are simply updated, rather than a new test created each time the synchronizer runs.
It's been a while since I've coded java but I'd be happy to take a stab at it if everyone agrees to the change.
Beta Was this translation helpful? Give feedback.
All reactions