Skip to content

Fix: Populate vulnerability_id field in BlackDuck Binary Analysis parser #13973

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
valentijnscholten wants to merge 3 commits into
base: bugfix
Choose a base branch
from
Open

Fix: Populate vulnerability_id field in BlackDuck Binary Analysis parser #13973

valentijnscholten wants to merge 3 commits into from
+26 −11

Conversation

@valentijnscholten
Copy link
Member

@valentijnscholten valentijnscholten commented Dec 23, 2025

Description

This PR fixes issue #12442 where importing BlackDuck Binary Analysis CSV reports does not populate the vulnerability_id field, even though vuln_id_from_tool is correctly set with the CVE.

Changes

  • Added unsaved_vulnerability_ids assignment when CVE is present in the finding
  • This ensures the vulnerability_id field is populated for de-duplication purposes
  • Follows the same pattern used in other parsers (e.g., dependency_check, openreports, auditjs)

Testing

  • Tested with the existing scan test files in unittests/scans/blackduck_binary_analysis/
  • The vulnerability_id field is now populated with the CVE value

Fixes #12442

@valentijnscholten
Fix Tenable CSV import fails with 'Version of CPE not implemented'
3c0c160 
- Add exception handling around CPE parsing in TenableCSVParser
- Log unsupported CPE versions at DEBUG level instead of crashing
- Allows import to continue when encountering unsupported CPE formats
- Fixes issue DefectDojo#11243
@valentijnscholten
Fix: Populate vulnerability_id field in BlackDuck Binary Analysis parser
7762d66 
- Add unsaved_vulnerability_ids assignment when CVE is present
- This ensures the vulnerability_id field is populated for de-duplication
- Fixes DefectDojo#12442
@valentijnscholten valentijnscholten linked an issue Dec 23, 2025 that may be closed by this pull request
Importing Blackduck Binary Analysis reports does not populate the Vulnerability Id field #12442
Closed
3 tasks
@valentijnscholten
Test: Add assertions for vulnerability_id field in BlackDuck Binary A…
51962b2 
…nalysis parser tests

- Verify unsaved_vulnerability_ids is populated with CVE value
- Add specific assertion for single vuln test case
- Add general assertion for multiple vulns test case
- Related to DefectDojo#12442
@valentijnscholten valentijnscholten added this to the 2.53.5 milestone Dec 23, 2025
mtesauro
mtesauro approved these changes Dec 23, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro mtesauro approved these changes

@Maffooch Maffooch Maffooch approved these changes

@Jino-T Jino-T Awaiting requested review from Jino-T

@blakeaowens blakeaowens Awaiting requested review from blakeaowens

At least 4 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

parser unittests

Projects

None yet

Milestone

2.53.5

Development

Successfully merging this pull request may close these issues.

Importing Blackduck Binary Analysis reports does not populate the Vulnerability Id field

3 participants

@valentijnscholten @mtesauro @Maffooch