Description
The DefectDojo-Hook appears to "eat" some of my results. With the hook active, four findings from git-repo-scanner get truncated into a single finding, and with semgrep support (from the WIP branch over at #744) 9 findings are turned into 5 findings, with some findings that found the same issue in different files being removed. If I import the semgrep results into DefectDojo by hand using either the WebUI or the API, all 9 findings are found, so the issue has to be in our hook, I would assume.
I will investigate this more tomorrow / on Thursday, leaving this issue here to document my progress. Did not have the time to reproduce the issue on a fresh setup today, will do so and add instructions for reproducing the issue if I can't debug this myself.