docs: Pro set-based deduplication hash code fields (WIP) #15154
Draft
valentijnscholten wants to merge 1 commit into
…+ CWE matchers)

Document the Pro Tuner set-match hash-code fields: vulnerability_ids (exact), vulnerability_ids_partial/_subset, and cwes_partial/_subset — what each matches, how _partial/_subset are compared per pair rather than hashed, the empty-set behavior (abstain when another hashed field gates the pair; no match when the matcher is the sole field), and the config rules (a vulnerability IDs field may stand alone; CWE fields may not be the only criteria).
🔗 PR stack — CWE / vulnerability-ID consolidation (OSS)
Merge bottom-up: #15145 → #15143 → (#15154, #15155). 👉 This PR: #15154
Documentation for the DefectDojo Pro set-match deduplication fields (Pro Tuner). Adds a "Set-based Hash Code Fields" section to the Pro deduplication tuning page covering the vulnerability-ID and CWE set matchers (vulnerability_ids exact, vulnerability_ids_partial/_subset, cwes_partial/_subset), their empty-set behavior, and the configuration rules.

Stack (merge bottom-up)

feat/vulnerability-id-type (autodetected vulnerability ID type + uniqueness) → dev
feat/cwe-vuln-id-consolidation (multiple CWEs per finding) → stacked on feat(finding): copy finding fix + autodetected vulnerability id type + uniqueness constraint #15145
feat/cwe-vuln-id-consolidation)

The CWE matchers documented here rely on the Finding_CWE model from #15143, so this PR is based on that branch. It accompanies the DefectDojo Pro feat/dedupe-set-match-tokens PR (dojo-pro #1749), which implements the fields.