diff --git a/docs/content/releases/os_upgrading/3.1.0.md b/docs/content/releases/os_upgrading/3.1.0.md
new file mode 100644
index 00000000000..d72785c4db3
--- /dev/null
+++ b/docs/content/releases/os_upgrading/3.1.0.md
@@ -0,0 +1,19 @@
+---
+title: 'Upgrading to DefectDojo Version 3.1.0'
+toc_hide: true
+weight: -20260617
+description: Tenable Hash Code Change
+---
+## Change: Tenable Hash Code Calculation
+The `description` field has been removed from the Tenable scan parser hash code configuration. The deduplication hash is now calculated using only: `title`, `severity`, `vulnerability_ids`, and `cwe`.
+
+The `description` field contained dynamic plugin output data (scan results, timestamps, affected hosts) that changed between scans of the same vulnerability, causing deduplication to fail and creating duplicate findings on reimport.
+
+### Impact
+Existing Tenable findings may be marked as closed and recreated as new findings due to the change in hash values.
+
+### Required Actions
+After upgrading, run the following command to recalculate hash codes for existing Tenable findings:
+
+    python manage.py dedupe --hash_code_only
+
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index e0edbf0d192..f966ce2faea
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -1013,7 +1013,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
 "Dependency Track Finding Packaging Format (FPF) Export": ["component_name", "component_version", "vulnerability_ids"],
 "Horusec Scan": ["title", "description", "file_path", "line"],
 "Mobsfscan Scan": ["title", "severity", "cwe", "file_path", "description"],
- "Tenable Scan": ["title", "severity", "vulnerability_ids", "cwe", "description"],
+ "Tenable Scan": ["title", "severity", "vulnerability_ids", "cwe"],
 "Nexpose Scan": ["title", "severity", "vulnerability_ids", "cwe"],  # possible improvement: in the scanner put the library name into file_path, then dedup on cwe + file_path + severity
 "NPM Audit Scan": ["title", "severity", "file_path", "vulnerability_ids", "cwe"],
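Review bot: The new "Tenable Scan" entry carries no explanation of why `description` was dropped, while the neighbouring "Nexpose Scan" line does document its rationale inline; the reasoning in the release note (dynamic plugin output breaking dedup) belongs next to the setting too, since this dict is what operators read when tuning hash fields. Suggest appending `# "description" intentionally excluded: Tenable plugin output varies between scans of the same finding and broke dedup on reimport` to the added line. The hunk's enclosing dict (presumably `HASHCODE_FIELDS_PER_SCANNER`) starts and ends outside the hunk, so I cannot confirm whether the narrower field set means Tenable findings on different hosts now collapse into one finding; that depends on whether endpoints participate in matching elsewhere, and is worth stating in the same comment if known. The hash set is now identical to "Nexpose Scan", which may be intended but is worth a glance.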