DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License
3.62k stars 1.52k forks

Metrics for open findings wrong when SLA is breached #7170

Open italvi opened 1 year ago

italvi commented 1 year ago

Bug description
When the SLA of a vulnerability is breached it seems like the vulnerability is not counted as open anymore, even though it still was not mitigated/handled.

Steps to reproduce the behavior:

  1. Go to a product and see the metrics: (screenshot)
  2. As you can see there are 4 active findings and the metrics also say that there are 4: (screenshot)
  3. Now go to the findings and edit a finding so it breaches the SLA; for example I did this with the "Test" finding, which is still listed in the open findings tab: (screenshot)
  4. Go back to metrics and you will see only 3 open findings even though the findings tab still shows 4 and you have seen before that there are 4 open findings: (screenshot)

Expected behavior
A finding that breached the SLA should still be shown in the metrics as an open finding till it is really inactive/mitigated.


coheigea commented 1 year ago

I think the problem here is that you are changing the date of the finding before the date of the test/engagement. It only displays metrics for findings from the start date of the test/engagement.
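The explanation above can be checked with a small model. The following is an added example, not DefectDojo's own code: the Finding fields, the 30-day SLA, the engagement start date and the four constructed findings are all assumptions. It puts a metrics count that filters by report date against the engagement start next to a count that only asks whether a finding is still active, then backdates the "Test" finding far enough to breach its SLA, which also moves it before the engagement start.

```python
from dataclasses import dataclass
from datetime import date, timedelta


# Hypothetical finding model (assumption; not DefectDojo's model).
@dataclass
class Finding:
    title: str
    date: date          # date the finding was reported
    active: bool
    mitigated: bool = False
    sla_days: int = 30  # assumed SLA window in days

    def sla_breached(self, today: date) -> bool:
        """An unmitigated active finding older than its SLA window is breached."""
        return (self.active and not self.mitigated
                and today > self.date + timedelta(days=self.sla_days))


def open_findings(findings):
    """What the findings tab shows: anything still active and not mitigated."""
    return [f for f in findings if f.active and not f.mitigated]


def metrics_open_findings(findings, start: date, end: date):
    """Metrics-style count: open findings whose report date lies in the
    window [start, end]. A finding dated before the engagement start is
    silently left out even though it is still open."""
    return [f for f in open_findings(findings) if start <= f.date <= end]


def open_as_of(findings, as_of: date):
    """Count the reporter expected: every finding reported on or before
    the cut-off date that is still open, regardless of engagement start."""
    return [f for f in open_findings(findings) if f.date <= as_of]


ENGAGEMENT_START = date(2023, 6, 1)   # assumed test/engagement start date
TODAY = date(2023, 6, 15)


def sample_findings():
    # Constructed sample data mirroring the four active findings in the report.
    return [
        Finding("SQL injection", date(2023, 6, 2), active=True),
        Finding("Reflected XSS", date(2023, 6, 3), active=True),
        Finding("Outdated library", date(2023, 6, 5), active=True),
        Finding("Test", date(2023, 6, 10), active=True),
    ]


def reproduce():
    """Returns (counts before edit, counts after edit, SLA breached?) where
    each counts tuple is (findings tab, metrics)."""
    findings = sample_findings()
    before = (len(open_findings(findings)),
              len(metrics_open_findings(findings, ENGAGEMENT_START, TODAY)))

    # Step 3 of the report: edit the "Test" finding's date so its SLA is
    # breached. Moving it 30+ days back also puts it before ENGAGEMENT_START.
    test = next(f for f in findings if f.title == "Test")
    test.date = date(2023, 4, 1)

    after = (len(open_findings(findings)),
             len(metrics_open_findings(findings, ENGAGEMENT_START, TODAY)))
    return before, after, test.sla_breached(TODAY)


if __name__ == "__main__":
    before, after, breached = reproduce()
    print("before edit (tab, metrics):", before)   # (4, 4)
    print("after edit  (tab, metrics):", after)    # (4, 3)
    print("SLA breached:", breached)               # True
    print("open as of today, no window:", len(open_as_of(sample_findings(), TODAY)))
```

The drop from 4 to 3 comes entirely from the date window, not from the SLA state: the finding is still active in both counts, but once its date precedes the engagement start it no longer satisfies the window filter.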