KICS partial import

[Acsigen]

Bug description
When importing a KICS json report, not all vulnerabilities are displayed in DefectDojo when compared to html version of KICS.

Steps to reproduce
Steps to reproduce the behavior:

1. Perform KICS scan with output as JSON and HTML
2. Import the report to a DefectDojo project
3. Compare the number of findings between DefectDojo and KICS HTML

Expected behavior
The number of vulnerabilities should be the same

Deployment method (select with an X)

• Docker Compose
• Kubernetes
• GoDojo

Environment information

• Operating System: Ubuntu 22.04
• DefectDojo version: 2.21.0

Screenshots
KICS HTML report:

DefectDojo Vulnerabilities count after importing the KICS report:

Workaround:
Set the output format of KICS to Gitlab SAST and then import it in DefectDojo as Gitlab SAST.

[security101]

Yes, I have the same observation. 22 distinct findings within the json file but only 7 imported / presented running DD v2.24.1 (docker-compose). Work a round worked fine for me, too.

[manuel-sommer]

Hey @security101 and @Acsigen ,

could you please provide a sample report?

[Acsigen]

Hey @security101 and @Acsigen ,

could you please provide a sample report?

Sadly I don't have a report now. I will upload one as soon as I have a new project comming my way.

[manuel-sommer]

@quirinziessler maybe kics is interesting for you?

[manuel-sommer]

I found a bug in the existing implementation @Acsigen, but if you have another unittestfile, I could verify that this is the only introduced bug.

[manuel-sommer]

could you close this PR please @mtesauro