DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License
3.61k stars 1.52k forks

Finding path and source code #9472

Open apxitekt0r opened 7 months ago

apxitekt0r commented 7 months ago

Hi everyone! Maybe I don't understand or don't know how, but it would be great to unite the findings path of a scan with the source code URI method of import-scan in the API.

Actually it works online with Engagements. But import-scan has a method for source code too in the API. And for me, the idea of rewriting the path in engagements or creating a new engagement after each scan looks like a bad way.

For myself I can rewrite the code, but for others it would be nice to see this function in DefectDojo.

manuel-sommer commented 7 months ago

@apxitekt0r, I don't really get what you want. Could you please write steps to reproduce the issue and what you would want to achieve? Maybe also a screenshot would help? Please be more precise, I can hardly follow your description.

apxitekt0r commented 7 months ago

> @apxitekt0r, I don't really get what you want. Could you please write steps to reproduce the issue and what you would want to achieve? Maybe also a screenshot would help? Please be more precise, I can hardly follow your description.

I mean that.

[Screenshots attached: Screenshot_20240204-023129~2.png, Screenshot_20240204-023208~2.png, Screenshot_20240204-023029.png]

On the screenshots you can see the repo source on engagements and on import-scan (API function), but when you use the source code URI in import-scan, it doesn't create a link with -/blob/(tag/branch) for the imported test. It works only if you rewrite the repo in engagements. I want to use the source code repo function for a test scan without rewriting the repo in engagements.

manuel-sommer commented 7 months ago

Can you make a PR to fix this?

manuel-sommer commented 7 months ago

@quirinziessler fyi.

quirinziessler commented 7 months ago

The question is: Is this useful? In my eyes not. Engagements should reflect only one single repository. So I would rather suggest removing the irritating repo URI input from the findings API than passing it through and overwriting the engagement setting. Why don't you just update/patch the engagement accordingly @apxitekt0r? Then if you click on a finding's detail you will be redirected to the repo and finding location.

apxitekt0r commented 7 months ago

> The question is: Is this useful? In my eyes not. Engagements should reflect only one single repository. So I would rather suggest removing the irritating repo URI input from the findings API than passing it through and overwriting the engagement setting. Why don't you just update/patch the engagement accordingly @apxitekt0r? Then if you click on a finding's detail you will be redirected to the repo and finding location.

In my vision, if I rewrite the repo path for old findings, the source code URL of the finding changes too. But sometimes I need to compare old and new tags, for example. And for this I need to create a new engagement for every new scan. Also scans use a branch/tag, but I can't use it for the URL in the finding path without rewriting the engagement repo. And I can't push tickets to Jira with tags from scans, just from engagements.
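To make the behaviour discussed in the two comments above concrete (the import-scan source URI/branch being ignored in favour of the engagement's repo, and the wish to compare findings across tags without rewriting the engagement), here is an added illustration that is not DefectDojo's own code. It models the precedence the reporter is asking for: a test-level source URI and branch/tag, named after the `source_code_management_uri` and `branch_tag` fields the engagement and import-scan endpoints accept, win over the engagement-level values, which remain the fallback. The choice of `/blob/` for github.com hosts and `/-/blob/` (the GitLab form shown in the issue) for every other host is an assumption of this example, as is the `HEAD` default ref.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse


@dataclass
class Engagement:
    # Engagement-level repo settings (fallback values).
    source_code_management_uri: Optional[str]
    branch_tag: Optional[str]


@dataclass
class Test:
    # Test-level values, as an import-scan call could supply them.
    # These override the engagement when present (the requested behaviour).
    source_code_management_uri: Optional[str] = None
    branch_tag: Optional[str] = None


@dataclass
class Finding:
    file_path: str
    line: Optional[int] = None


def resolve_source(engagement: Engagement, test: Test):
    """Return (repo_uri, ref): test-level values first, engagement as fallback."""
    uri = test.source_code_management_uri or engagement.source_code_management_uri
    # Assumption: fall back to HEAD when neither level names a branch or tag.
    ref = test.branch_tag or engagement.branch_tag or "HEAD"
    return uri, ref


def build_source_link(engagement: Engagement, test: Test, finding: Finding) -> Optional[str]:
    """Build a browser link to the finding's file and line for the resolved repo/ref."""
    uri, ref = resolve_source(engagement, test)
    if not uri:
        return None  # no repository configured at either level
    uri = uri.rstrip("/")
    if uri.endswith(".git"):
        uri = uri[:-4]  # clone URLs are not browsable; drop the .git suffix
    host = urlparse(uri).netloc.lower()
    # Assumption: github.com uses /blob/, everything else is treated as GitLab-style /-/blob/.
    blob = "/blob/" if host == "github.com" else "/-/blob/"
    link = f"{uri}{blob}{ref}/{finding.file_path.lstrip('/')}"
    if finding.line:
        link += f"#L{finding.line}"
    return link


if __name__ == "__main__":
    # Constructed sample data: one engagement, two scans of different tags.
    eng = Engagement("https://gitlab.example.com/group/app", "v1.0")
    finding = Finding("src/auth.py", 42)
    print(build_source_link(eng, Test(), finding))                    # engagement tag v1.0
    print(build_source_link(eng, Test(branch_tag="v1.1"), finding))   # newer scan, tag v1.1
```

With this precedence, two tests imported against tags `v1.0` and `v1.1` keep distinct source links under the same engagement, which is exactly the comparison the reporter describes; whether that should be DefectDojo's behaviour is what the maintainers question above.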

apxitekt0r commented 6 months ago

Is it possible to change the code and the way the logic works?

manuel-sommer commented 6 months ago

Sure, can you do a PR to improve the functionality?

apxitekt0r commented 6 months ago

I haven't rewritten the code yet to try a PR.

manuel-sommer commented 6 months ago

Maybe the PR will also be interesting for @quirinziessler

manuel-sommer commented 6 months ago

But I guess you should make up your mind whether you do the PR to really advance / improve the already existing feature. Otherwise, it might not get merged. I haven't used this feature yet, so I can't really judge this.