Fix: Suppress expected JIRA validation alerts when pushing (Fixes #12988) #13974
Fixes DefectDojo#12988

When 'Push all issues' is enabled at the engagement level, DefectDojo attempts to automatically push all findings to JIRA during import/reimport. This causes alerts to be created for every finding that cannot be pushed due to expected validation failures (e.g., not verified, not active, below minimum threshold).

These alerts flood the Alerts UI with noise since these are expected conditions, not actual errors.

The fix distinguishes between:
- Expected validation failures: Findings that aren't ready to be pushed (not verified/active, below threshold, etc.) - these are logged but don't create alerts
- Unexpected errors: Configuration issues, connection problems, etc. - these still create alerts as they indicate real problems

This ensures users only see alerts for actual problems while still logging expected validation failures for debugging purposes.

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Conflicts have been resolved. A maintainer will review the pull request shortly.

@valentijnscholten these alerts are necessary at the UI level for troubleshooting why a Jira issue didn't push - especially in cases where users don't have access to software logs. Maybe this could be a system setting toggle? But I don't want this to be off by default.

They're basically only off for unexpected situations not covered by the UI. Most cases should be covered by the UI not giving the option to push because the finding is not active for example.

Currently when you use Bulk Edit to push Findings to Jira, there is no warning raised in the UI preventing you from doing this, you simply get a confirmation that your action was successful along with your attempted Push To Jira. The only way you can tell that something didn't work is from Alerts. I think this is something that could be fixed, but for now the UI doesn't do a great job of alerting you at least in that case.

@paulOsinski I created another PR focused on still generating alerts for UI initiated pushes to JIRA. But during testing those changes I found out that the UI initiated pushes already generate django messages on screen.

Unless that UI is the Pro UI 😉

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

@Maffooch Which approach do you prefer? I'll wait with resolving conflicts until we know which way we want to go.

The only case we have left that does not alert is API based imports. I think it feels reasonable to suppress alerts in this case only as the alerts do tend to flood the whole queue. If a user discovers a finding that should have been pushed, then the next step would be to attempt pushing the finding manually through the UI. In that case, the error message will be provided on screen.

But not on Pro UI it seems?



Description
This PR fixes issue #12988 by suppressing unnecessary alerts when findings cannot be pushed to JIRA due to expected validation failures during automatic pushes.
Problem
When 'Push all issues' is enabled at the engagement level, DefectDojo attempts to automatically push all findings to JIRA during import/reimport. This causes alerts to be created for every finding that cannot be pushed due to expected validation failures (e.g., not verified, not active, below minimum threshold).
These alerts flood the Alerts UI with noise since these are expected conditions, not actual errors. Users cannot disable these alerts without also disabling alerts for real JIRA problems.
Solution
The fix distinguishes between:
Changes
add_jira_issue() in dojo/jira_link/helper.py to check the error code returned by can_be_pushed_to_jira()
error_not_active_or_verified, error_below_minimum_threshold, error_empty, error_inactive) are now logged but don't create alerts
Related Issue
Fixes #12988
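
The split described under Changes, sketched as an added example; it is not code from this pull request or from DefectDojo. The four expected codes are the ones listed above; the result tuple shape, the function name `triage_push_results` and the `error_connection` code are assumptions made for illustration.

```python
import logging
from collections import Counter

logger = logging.getLogger("jira_push_example")

# Error codes the PR description lists as expected validation failures.
EXPECTED_ERROR_CODES = frozenset({
    "error_not_active_or_verified",
    "error_below_minimum_threshold",
    "error_empty",
    "error_inactive",
})


def triage_push_results(results):
    """Split automatic-push failures into logged-only and alert-worthy.

    `results` is an iterable of (finding_id, ok, message, error_code) tuples,
    a hypothetical stand-in for the outcome of a per-finding push check.
    Returns (alerts, suppressed_counts).
    """
    alerts = []
    suppressed = Counter()
    for finding_id, ok, message, error_code in results:
        if ok:
            continue
        if error_code in EXPECTED_ERROR_CODES:
            # Expected: the finding is not ready yet; keep a log trail only.
            logger.info("finding %s not pushed: %s (%s)", finding_id, message, error_code)
            suppressed[error_code] += 1
        else:
            # Unknown or missing codes default to an alert, so a new
            # failure mode is never silently hidden by the allow-list.
            alerts.append((finding_id, error_code, message))
    return alerts, dict(suppressed)


# Constructed sample: one import with 'Push all issues' enabled.
SAMPLE_RESULTS = [
    (101, True, "", None),
    (102, False, "Finding is not active or verified", "error_not_active_or_verified"),
    (103, False, "Severity below minimum threshold", "error_below_minimum_threshold"),
    (104, False, "Finding is not active or verified", "error_not_active_or_verified"),
    (105, False, "JIRA connection refused", "error_connection"),  # constructed code
    (106, False, "Unexpected failure", None),
]

if __name__ == "__main__":
    print(triage_push_results(SAMPLE_RESULTS))
```

Returning the per-code counts keeps the suppressed failures auditable per import even though they no longer appear as alerts.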