From 4101abf00bd7b4a17379b4f8caf6149ee2e7d116 Mon Sep 17 00:00:00 2001
From: Tejas Saubhage
Date: Sun, 15 Mar 2026 01:52:07 -0400
Subject: [PATCH 1/2] Fix Tenable hash code calculation by removing dynamic description field fixes #11994
---
 dojo/settings/settings.dist.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index 4bf0fbc651e..b71687a649c 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -1399,7 +1399,7 @@ def saml2_attrib_map_format(din):
 "Dependency Track Finding Packaging Format (FPF) Export": ["component_name", "component_version", "vulnerability_ids"],
 "Horusec Scan": ["title", "description", "file_path", "line"],
 "Mobsfscan Scan": ["title", "severity", "cwe", "file_path", "description"],
- "Tenable Scan": ["title", "severity", "vulnerability_ids", "cwe", "description"],
+ "Tenable Scan": ["title", "severity", "vulnerability_ids", "cwe"],
 "Nexpose Scan": ["title", "severity", "vulnerability_ids", "cwe"],
 # possible improvement: in the scanner put the library name into file_path, then dedup on cwe + file_path + severity
 "NPM Audit Scan": ["title", "severity", "file_path", "vulnerability_ids", "cwe"],
From 03656c734cacf88e0ddd14f4ac5d749c888f8038 Mon Sep 17 00:00:00 2001
From: Tejas Saubhage
Date: Wed, 17 Jun 2026 03:57:42 -0400
Subject: [PATCH 2/2] Add upgrade notes for Tenable hash code change in 3.1.0
---
 docs/content/releases/os_upgrading/3.1.0.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 docs/content/releases/os_upgrading/3.1.0.md
diff --git a/docs/content/releases/os_upgrading/3.1.0.md b/docs/content/releases/os_upgrading/3.1.0.md
new file mode 100644
index 00000000000..d72785c4db3
--- /dev/null
+++ b/docs/content/releases/os_upgrading/3.1.0.md
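Review bot: The new `"Tenable Scan"` entry in dojo/settings/settings.dist.py hashes only `title`, `severity`, `vulnerability_ids` and `cwe`, so nothing in the hash itself separates the same plugin reported on two different hosts or ports. Whether such findings stay distinct now depends on endpoint handling in the deduplication code, which is not visible in this hunk. A parser unit test that imports one report with the same plugin on two hosts and then reimports it would confirm that findings are neither merged nor duplicated. I would also record the reason above the entry, e.g. `# description carries per-scan plugin output, so it is left out to keep hash_code stable across reimports`. The dictionary this entry belongs to starts and ends outside the hunk.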
@@ -0,0 +1,19 @@
+---
+title: 'Upgrading to DefectDojo Version 3.1.0'
+toc_hide: true
+weight: -20260617
+description: Tenable Hash Code Change
+---
+## Change: Tenable Hash Code Calculation
+The `description` field has been removed from the Tenable scan parser hash code configuration. The deduplication hash is now calculated using only: `title`, `severity`, `vulnerability_ids`, and `cwe`.
+
+The `description` field contained dynamic plugin output data (scan results, timestamps, affected hosts) that changed between scans of the same vulnerability, causing deduplication to fail and creating duplicate findings on reimport.
+
+### Impact
+Existing Tenable findings may be marked as closed and recreated as new findings due to the change in hash values.
+
+### Required Actions
+After upgrading, run the following command to recalculate hash codes for existing Tenable findings:
+
+ python manage.py dedupe --hash_code_only
+