secureCodeBox · rfelber · Oct 24, 2021 · Oct 22, 2021 · Oct 22, 2021 · Oct 22, 2021
diff --git a/hooks/persistence-defectdojo/.helm-docs.gotmpl b/hooks/persistence-defectdojo/.helm-docs.gotmpl
@@ -50,6 +50,17 @@ run ReadAndWrite hooks.
 ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks.
 :::
 
+:::caution
+
+The DefectDojo hook will send all scan results to DefectDojo, including those for which DefectDojo does not 
+have native support. In this case, DefectDojo may deduplicate findings, which can in some cases [lead to incomplete imports and even data loss](https://github.com/DefectDojo/django-DefectDojo/issues/5312)
+if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are
+working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728).
+Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false` 
+during installation of the hook) if you want to rule out any issues. We also recommend testing any scanner that does not have native 
+DefectDojo support with known data to see if the data is imported correctly and without deduplication-based data loss.
+:::
+
 ### Running "Persistence DefectDojo" Hook Locally from Source
 For development purposes, it can be useful to run this hook locally. You can do so by following these steps:
 

diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md
@@ -61,6 +61,17 @@ run ReadAndWrite hooks.
 ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks.
 :::
 
+:::caution
+
+The DefectDojo hook will send all scan results to DefectDojo, including those for which DefectDojo does not
+have native support. In this case, DefectDojo may deduplicate findings, which can in some cases [lead to incomplete imports and even data loss](https://github.com/DefectDojo/django-DefectDojo/issues/5312)
+if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are
+working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728).
+Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false`
+during installation of the hook) if you want to rule out any issues. We also recommend testing any scanner that does not have native
+DefectDojo support with known data to see if the data is imported correctly and without deduplication-based data loss.
+:::
+
 ### Running "Persistence DefectDojo" Hook Locally from Source
 For development purposes, it can be useful to run this hook locally. You can do so by following these steps:
 

diff --git a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md
@@ -69,6 +69,17 @@ run ReadAndWrite hooks.
 ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks.
 :::
 
+:::caution
+
+The DefectDojo hook will send all scan results to DefectDojo, including those for which DefectDojo does not
+have native support. In this case, DefectDojo may deduplicate findings, which can in some cases [lead to incomplete imports and even data loss](https://github.com/DefectDojo/django-DefectDojo/issues/5312)
+if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are
+working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728).
+Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false`
+during installation of the hook) if you want to rule out any issues. We also recommend testing any scanner that does not have native
+DefectDojo support with known data to see if the data is imported correctly and without deduplication-based data loss.
+:::
+
 ### Running "Persistence DefectDojo" Hook Locally from Source
 For development purposes, it can be useful to run this hook locally. You can do so by following these steps:
 

diff --git a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md
@@ -80,6 +80,17 @@ run ReadAndWrite hooks.
 ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks.
 :::
 
+:::caution
+
+The DefectDojo hook will send all scan results to DefectDojo, including those for which DefectDojo does not
+have native support. In this case, DefectDojo may deduplicate findings, which can in some cases [lead to incomplete imports and even data loss](https://github.com/DefectDojo/django-DefectDojo/issues/5312)
+if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are
+working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728).
+Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false`
+during installation of the hook) if you want to rule out any issues. We also recommend testing any scanner that does not have native
+DefectDojo support with known data to see if the data is imported correctly and without deduplication-based data loss.
+:::
+
 ### Running "Persistence DefectDojo" Hook Locally from Source
 For development purposes, it can be useful to run this hook locally. You can do so by following these steps: