Add the configurable refetchWaitSeconds parameter #99
It can happen that the results refetched from the DefectDojo API are incorrect. This only happens if the deduplication feature is enabled in DefectDojo. The cause for this is that, after importing, a finding is deduplicated in the background and, depending on how performant your DefectDojo is, this might take a couple of seconds to finish. If the results are refetched before the deduplication finishes and the status of all findings has been updated, the results we get back from the API will not be correct. The attributes which might be incorrect include but are not limited to falsePositive, duplicate, riskAccepted and outOfScope. Allowing the user to configure a sleep/wait in seconds helps to fix this in a flexible way, by allowing the user to adjust this depending on the load and performance of their DefectDojo installation.
Signed-off-by: Maximilian Dorner <[email protected]>
src/main/java/io/securecodebox/persistence/defectdojo/config/Config.java
By making sure the new parameter is in the last place, we keep this a non-breaking change.
Signed-off-by: Maximilian Dorner <[email protected]>
@moxli for me this should be ready to go.
@J12934 Thank you :) I was thinking about adding a separate service like you mentioned here: Because if it shall be part of the hook I guess we would need to implement the wait parameter in PersistenceProviderConfig.java? :)
Ah sorry, forgot about the question. Writing this I'm now wondering if we really want to put this config in the client config at all :/
@J12934 Yes I agree with you. I will try to implement this inside of the hook and change the PR if it works. :)
This is to be continued without changes to this lib here: secureCodeBox/secureCodeBox#2133
fixes #98
relates to secureCodeBox/secureCodeBox#2133