We are running It is normal to have the same SCA vulnerabilities across repos and we need to let developers know all repos affected. Hopefully I am missing something about the way DefectDojo works. Regardless, any help or pointers are greatly appreciated. Thanks.
Replies: 1 comment 1 reply
Are you importing or using re-import? details here
If using re-import, is the scope of what you're scanning the same? Or are you scanning repo 1 and importing, then scanning repo 2 and re-importing, then scanning repo 3 and re-importing? For re-imports, it's important that from scan to scan the thing being scanned (aka the scope) is the same.
Are you dedup'ing at the product or engagement level? details here
Have you adjusted the hash algorithm used for dedup'ing Snyk SCA scans? The default is this. Details on how the algorithm works are here