Replies: 1 comment 2 replies
-
|
Maybe I've been using DefectDojo wrong (I'm still setting it up properly) - I thought it was the intention to have individual assessments as individual tests, but to have the findings deduplicated by DefectDojo so that when you view the product as a whole you have a concrete list of findings? Please do tell me if I'm wrong! I can see the sense in wanting to reduce the number of tests if you review them individually. It could potentially also provision a test as it does now, but then store that ID on the project properties and use reimport if the ID is present. |
Beta Was this translation helpful? Give feedback.
-
|
You're probably right about typical usage, but the de-duplication strategy doesn't work for me so I have not enabled it. I'm less worried about point-in-time results than current results if that makes sense. |
Beta Was this translation helpful? Give feedback.
-
|
You're right both. The 2 strategies are ok. I mean users use both and DefectDojo support both use cases. |
Beta Was this translation helpful? Give feedback.
-
I just tested the Defect Dojo integration with one DTrack project and though the set up was easy, the behavior was unexpected.
The Synchronization step creates a new Test in the Engagement for every cadence iteration. This behavior would lead to an unusably large number of tests.
@alitheg --
I propose instead of the integration using an Engagement ID it uses a provisioned Test ID and Defect Dojo's reimport API so the results of the single test are simply updated, rather than a new test created each time the synchronizer runs.
It's been a while since I've coded java but I'd be happy to take a stab at it if everyone agrees to the change.
Beta Was this translation helpful? Give feedback.
All reactions