
Include analysis.detail from Dependency Track FPF in finding description#14931

Open

webdevred wants to merge 4 commits into DefectDojo:master from webdevred:forward-analysis-detail-from-dependency-track

Conversation

webdevred commented May 28, 2026


Show Dependency Track audit detail in finding description

When Dependency Track pushes findings via the Finding Packaging Format, analysts can attach free-text notes to each finding through the analysis.detail field. This field was already parsed and available in the FPF document but was silently ignored, so auditors working in DefectDojo had no way to see those notes without going back to Dependency Track.

This appends the audit detail to the finding description under an "Audit Detail:" label when present. Findings without audit detail are unaffected. The change requires Dependency Track 4.14.0 or later, which is when analysis.detail was added to the FPF output (see companion PR in the Dependency Track repo).

Related to DependencyTrack/dependency-track#6181
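An added illustration of the behaviour the PR describes, written for this page and not taken from DefectDojo's parser or from the PR's commits: a minimal FPF reader that appends `analysis.detail` under an "Audit Detail:" label only when the note is present and non-blank, leaving findings without a note unchanged. The FPF document below is constructed, and the `findings[].component / vulnerability / analysis` layout is assumed.

```python
import json

# Constructed sample FPF document (not real Dependency Track output).
# vulnId values are placeholders, not real CVE identifiers.
SAMPLE_FPF = json.dumps({
    "findings": [
        {
            "component": {"name": "example-lib", "version": "1.0.0"},
            "vulnerability": {"vulnId": "CVE-EXAMPLE-0001", "severity": "CRITICAL"},
            "analysis": {"state": "EXPLOITABLE", "isSuppressed": False,
                         "detail": "Reachable from the request handler; fix scheduled."},
        },
        {
            "component": {"name": "other-lib", "version": "2.3.4"},
            "vulnerability": {"vulnId": "CVE-EXAMPLE-0002", "severity": "HIGH"},
            # Blank detail: analyst opened the note field but wrote nothing.
            "analysis": {"state": "NOT_AFFECTED", "isSuppressed": True, "detail": "   "},
        },
        {
            "component": {"name": "third-lib", "version": "0.9.1"},
            "vulnerability": {"vulnId": "CVE-EXAMPLE-0003", "severity": "MEDIUM"},
            # No analysis block at all: finding was never audited.
        },
    ]
})


def build_description(finding: dict) -> str:
    """Compose a finding description; append the audit detail only when non-blank."""
    component = finding.get("component", {})
    vuln = finding.get("vulnerability", {})
    lines = [f"Vulnerability {vuln.get('vulnId', 'unknown')} in "
             f"{component.get('name', 'unknown')}:{component.get('version', 'unknown')}"]
    analysis = finding.get("analysis") or {}
    if analysis.get("state"):
        lines.append(f"Analysis State: {analysis['state']}")
    detail = (analysis.get("detail") or "").strip()
    if detail:  # whitespace-only or missing notes leave the description untouched
        lines.append(f"Audit Detail: {detail}")
    return "\n".join(lines)


def parse_fpf(document: str) -> list[dict]:
    """Return one record per FPF finding with its description and suppression flag."""
    records = []
    for finding in json.loads(document).get("findings", []):
        analysis = finding.get("analysis") or {}
        records.append({
            "vuln_id": finding.get("vulnerability", {}).get("vulnId"),
            "description": build_description(finding),
            "suppressed": bool(analysis.get("isSuppressed", False)),
        })
    return records
```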

Comment thread dojo/tools/dependency_track/parser.py Outdated
@valentijnscholten valentijnscholten added this to the 2.59.1 milestone May 31, 2026

@valentijnscholten valentijnscholten left a comment

Member


Can you rebase against the bugfix branch?

webdevred added 2 commits May 31, 2026 21:19
When Dependency Track sends findings via the Finding Packaging Format, the
analysis.detail field is now forwarded alongside analysis.state. This appends
the audit detail text to the finding description under an "Audit Detail:" label,
making analyst notes visible without switching back to Dependency Track.
webdevred force-pushed the forward-analysis-detail-from-dependency-track branch from 06fbd18 to c3494e1 on May 31, 2026 19:20
github-actions bot added and removed the helm label on May 31, 2026
webdevred force-pushed the forward-analysis-detail-from-dependency-track branch from ff3a351 to c3494e1 on June 1, 2026 17:26
@mtesauro mtesauro modified the milestones: 2.59.1, 2.60.0 Jun 8, 2026