New Feature implementation request
Is your feature request related to a problem?
As a secureCodeBox user with DefectDojo integration I would like to know what DefectDojo finding was created for each secureCodeBox finding (and vice-versa).
This would be useful in a case where you create a custom hook which sends notifications for very specific finding cases with a link to the DefectDojo finding. DefectDojo's notification support is very limited.
Possible solutions
These are some possible solutions that I came up with. I'm very happy to hear any other solutions!
- It would make sense if the unique_id_from_tool field in the Finding model referred to secureCodeBox's finding ID. Currently, however, the finding filters don't include this field yet (i.e. there is no way to get a finding from the unique_id_from_tool field). This field is already set by DefectDojo's generic importer, but some other existing importers write their own unique id into it, so we would need to patch the created findings after creation.
- The DefectDojo persistence provider updates the Minio finding so that it includes the DefectDojo finding ID.
- The DefectDojo persistence provider is a ReadAndWriteHook which writes a map of secureCodeBox ID -> DefectDojo ID back to the scan spec.
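One way the first option could be realised after an import, as an added Python example that is not secureCodeBox or DefectDojo code: the finding shapes, the assumption that the generic-importer report carried the secureCodeBox id in unique_id_from_tool, and the PATCH endpoint named in the comments are all assumptions, and the sample data is constructed.

```python
"""Correlate secureCodeBox findings with the DefectDojo findings created for them.

Assumed (not from the issue): `dd` findings are the JSON objects returned by
GET /api/v2/findings/?test=<id>, and findings imported via the generic importer
carry the secureCodeBox id in `unique_id_from_tool`. Tool-specific importers
may have overwritten that field, so those are matched by title as a fallback.
"""
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample: secureCodeBox findings as stored in Minio.
SCB_FINDINGS = [
    {"id": "scb-1111", "name": "Open Port", "severity": "INFORMATIONAL"},
    {"id": "scb-2222", "name": "TLS 1.0 Enabled", "severity": "MEDIUM"},
    {"id": "scb-3333", "name": "Open Port", "severity": "INFORMATIONAL"},
]

# Constructed sample: DefectDojo findings after import. 502 had its
# unique_id_from_tool overwritten by a tool-specific importer.
DD_FINDINGS = [
    {"id": 501, "title": "Open Port", "unique_id_from_tool": "scb-1111"},
    {"id": 502, "title": "TLS 1.0 Enabled", "unique_id_from_tool": "tool-xyz"},
]


def correlate(scb: List[dict], dd: List[dict]) -> Dict[str, Optional[int]]:
    """Map each secureCodeBox id to its DefectDojo finding id (None if unmatched)."""
    scb_ids = {f["id"] for f in scb}
    # Exact matches: unique_id_from_tool still holds a secureCodeBox id.
    by_uid = {f["unique_id_from_tool"]: f["id"]
              for f in dd if f.get("unique_id_from_tool") in scb_ids}
    # Fallback by title, only among findings not already claimed and only
    # when the title is unambiguous (duplicate titles stay unmatched).
    unclaimed = [f for f in dd if f["id"] not in by_uid.values()]
    title_count = Counter(f["title"] for f in unclaimed)
    by_title = {f["title"]: f["id"] for f in unclaimed if title_count[f["title"]] == 1}
    return {f["id"]: by_uid.get(f["id"], by_title.get(f["name"])) for f in scb}


def patches_needed(scb: List[dict], dd: List[dict]) -> List[Tuple[int, dict]]:
    """(dd_id, payload) pairs for PATCH /api/v2/findings/<dd_id>/ where
    unique_id_from_tool does not yet carry the secureCodeBox id."""
    current_uid = {f["id"]: f.get("unique_id_from_tool") for f in dd}
    return [(dd_id, {"unique_id_from_tool": scb_id})
            for scb_id, dd_id in correlate(scb, dd).items()
            if dd_id is not None and current_uid[dd_id] != scb_id]
```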