Question on Missing Component Information in Black Duck Hub Scan Processing #9145

Closed
KK7NZY opened this issue Dec 11, 2023 · 6 comments

@KK7NZY

KK7NZY commented Dec 11, 2023

Hello,

I recently uploaded a Black Duck Hub Scan and observed missing component information. Upon inspecting the code, I found that the component information does exist but is not being referenced when the BlackDuckFinding is created in the _process_project_findings method of BlackduckImporter.

I made a modification to the original code on lines 43 and 44 to read:

security_issue_dict.get("Component name") or security_issue_dict.get("Project name"),
security_issue_dict.get("Component version name") or security_issue_dict.get("Version"),

I'm unsure if this is a bug or if I might be misunderstanding the intended functionality. With that change I am now able to reference the component name and version fields.

Best,
KK7NZY

@kiblik
Contributor

kiblik commented Dec 12, 2023

I see that there are different formats of Blackduck reports (e.g. many_vulns.csv and many_vulns_new_format.csv).
I suppose somebody just wrote it for the old format and it is a good idea to add it as you proposed.
If you already found the related line, can you change it and offer a PR? Plus add some tests.
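The fallback discussed above, as an added illustration that is not part of the thread or of the DefectDojo code base. The four column names come from the issue; the function names and the sample CSV rows are constructed for this example, and it also shows why `or` is used instead of a `get()` default when a column is present but empty.

```python
import csv
import io

# Constructed sample exports. Only the column names are taken from the issue.
OLD_FORMAT_CSV = (
    "Project name,Version\n"
    "demo-app,1.0\n"
)
NEW_FORMAT_CSV = (
    "Project name,Version,Component name,Component version name\n"
    "demo-app,1.0,libexample,2.3.4\n"
    "demo-app,1.0,,\n"  # component columns present but empty
)


def component_identity(row):
    """Prefer the component columns; fall back to the project columns.

    `or` falls back when the key is missing (old format) and also when the
    value is an empty string (new format with an unpopulated column).
    """
    name = row.get("Component name") or row.get("Project name")
    version = row.get("Component version name") or row.get("Version")
    return name, version


def component_identity_get_default(row):
    """Contrast case: a get() default only applies when the key is absent,
    so an empty component column yields an empty component name."""
    name = row.get("Component name", row.get("Project name"))
    version = row.get("Component version name", row.get("Version"))
    return name, version


def parse(text, picker=component_identity):
    """Return one (name, version) tuple per CSV row."""
    return [picker(row) for row in csv.DictReader(io.StringIO(text))]


if __name__ == "__main__":
    print(parse(OLD_FORMAT_CSV))
    print(parse(NEW_FORMAT_CSV))
    print(parse(NEW_FORMAT_CSV, component_identity_get_default))
```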

@manuel-sommer
Contributor

I can help you with a PR @KK7NZY

manuel-sommer added a commit to manuel-sommer/django-DefectDojo that referenced this issue Dec 12, 2023
@KK7NZY
Author

KK7NZY commented Dec 12, 2023

@manuel-sommer, I've prepared a draft PR available here. Any assistance in getting this PR merged would be greatly appreciated.

@manuel-sommer
Contributor

Hi @KK7NZY I have already finished the PR. See linked PR above: #9148

@KK7NZY
Author

KK7NZY commented Dec 13, 2023

Hey @manuel-sommer! That's awesome. Thank you! I'll go ahead and close out the other ticket. 😊👍

Maffooch pushed a commit that referenced this issue Dec 22, 2023
* add component to blackduckimporter #9145

* added unittests

* 🐛 fix unittest
@manuel-sommer
Contributor

This can be closed @mtesauro and @KK7NZY
