From f4afa4b5b642a8853ff78436ded10294b85b7cdd Mon Sep 17 00:00:00 2001
From: Graham Christensen
Date: Fri, 13 Mar 2026 15:07:51 -0400
Subject: [PATCH] Analysis: support resolved_with_pedigree
---
 src/main/java/org/dependencytrack/model/AnalysisState.java | 3 ++-
 .../dependencytrack/notification/NotificationConstants.java | 1 +
 .../parser/cyclonedx/CycloneDXVexImporter.java | 2 +-
 .../dependencytrack/parser/cyclonedx/util/ModelConverter.java | 4 ++++
 src/main/java/org/dependencytrack/util/NotificationUtil.java | 3 +++
 .../notification/NotificationConstantsTest.java | 1 +
 6 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/dependencytrack/model/AnalysisState.java b/src/main/java/org/dependencytrack/model/AnalysisState.java
index e634397f23..e8de0fa0e0 100644
--- a/src/main/java/org/dependencytrack/model/AnalysisState.java
+++ b/src/main/java/org/dependencytrack/model/AnalysisState.java
@@ -30,5 +30,6 @@ public enum AnalysisState {
 FALSE_POSITIVE,
 NOT_AFFECTED,
 RESOLVED,
- NOT_SET
+ RESOLVED_WITH_PEDIGREE,
+ NOT_SET,
 }
diff --git a/src/main/java/org/dependencytrack/notification/NotificationConstants.java b/src/main/java/org/dependencytrack/notification/NotificationConstants.java
index a242e0d711..ad8d342871 100644
--- a/src/main/java/org/dependencytrack/notification/NotificationConstants.java
+++ b/src/main/java/org/dependencytrack/notification/NotificationConstants.java
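Review bot: In the AnalysisState hunk, `RESOLVED_WITH_PEDIGREE` is inserted ahead of `NOT_SET`, which shifts `NOT_SET`'s ordinal by one. If any persistence mapping, serialized form or ordering comparison elsewhere relies on `ordinal()` or declaration order (not visible here), appending the new constant after `NOT_SET` would be the safer change. The constant also lands undocumented; a comment such as `/** Remediated, with evidence of the change recorded in the component's pedigree (CycloneDX resolved_with_pedigree). */` would tell auditors when to pick this state over plain `RESOLVED`. The enum declaration starts above the hunk.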
@@ -51,6 +51,7 @@ public static class Title {
 public static final String ANALYSIS_DECISION_SUPPRESSED = "Analysis Decision: Finding Suppressed";
 public static final String ANALYSIS_DECISION_UNSUPPRESSED = "Analysis Decision: Finding UnSuppressed";
 public static final String ANALYSIS_DECISION_RESOLVED = "Analysis Decision: Finding Resolved";
+ public static final String ANALYSIS_DECISION_RESOLVED_WITH_PEDIGREE = "Analysis Decision: Finding Resolved By Pedigree";
 public static final String VIOLATIONANALYSIS_DECISION_APPROVED = "Violation Analysis Decision: Approved";
 public static final String VIOLATIONANALYSIS_DECISION_REJECTED = "Violation Analysis Decision: Rejected";
 public static final String VIOLATIONANALYSIS_DECISION_NOT_SET = "Violation Analysis Decision: Marking Finding as NOT SET";
diff --git a/src/main/java/org/dependencytrack/parser/cyclonedx/CycloneDXVexImporter.java b/src/main/java/org/dependencytrack/parser/cyclonedx/CycloneDXVexImporter.java
index e7729e55b8..ca89c7d74f 100644
--- a/src/main/java/org/dependencytrack/parser/cyclonedx/CycloneDXVexImporter.java
+++ b/src/main/java/org/dependencytrack/parser/cyclonedx/CycloneDXVexImporter.java
@@ -152,7 +152,7 @@ private static void updateAnalysis(final QueryManager qm, final Component compon
 }
 if (cdxVuln.getAnalysis().getState() != null) {
 analysisState = ModelConverter.convertCdxVulnAnalysisStateToDtAnalysisState(cdxVuln.getAnalysis().getState());
- suppress = (AnalysisState.FALSE_POSITIVE == analysisState || AnalysisState.NOT_AFFECTED == analysisState || AnalysisState.RESOLVED == analysisState);
+ suppress = (AnalysisState.FALSE_POSITIVE == analysisState || AnalysisState.NOT_AFFECTED == analysisState || AnalysisState.RESOLVED == analysisState || AnalysisState.RESOLVED_WITH_PEDIGREE == analysisState);
 AnalysisCommentUtil.makeStateComment(qm, analysis, analysisState, COMMENTER);
 }
 if (cdxVuln.getAnalysis().getJustification() != null) {
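Review bot: In `updateAnalysis` (CycloneDXVexImporter hunk), the new `RESOLVED_WITH_PEDIGREE` arm sets `suppress` purely from the state asserted by the imported VEX; nothing in the visible lines checks that the matched `component` carries pedigree data backing that claim. CycloneDX defines this state as remediation evidenced in the component's pedigree, so suppressing without that evidence lets an unsupported VEX statement take a finding out of view; consider gating on pedigree being present, or at least noting its absence in the analysis comment (whether the model exposes pedigree is not visible here). The commit tests only the title constant, so a test for the import path with this state is missing. As a style point, the four-way `||` chain would read better as a set, e.g. `private static final Set<AnalysisState> SUPPRESSING_STATES = EnumSet.of(...)` with `suppress = SUPPRESSING_STATES.contains(analysisState);`. The method body starts and ends outside the hunk.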
diff --git a/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java b/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java
index 581bc280ba..44a972e9d0 100644
--- a/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java
+++ b/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java
@@ -1107,6 +1107,8 @@ private static org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State co
 return org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State.NOT_AFFECTED;
 case RESOLVED:
 return org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State.RESOLVED;
+ case RESOLVED_WITH_PEDIGREE:
+ return org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State.RESOLVED_WITH_PEDIGREE;
 default:
 return null;
 }
@@ -1127,6 +1129,8 @@ public static AnalysisState convertCdxVulnAnalysisStateToDtAnalysisState(final o
 return AnalysisState.NOT_AFFECTED;
 case RESOLVED:
 return AnalysisState.RESOLVED;
+ case RESOLVED_WITH_PEDIGREE:
+ return AnalysisState.RESOLVED_WITH_PEDIGREE;
 default:
 return AnalysisState.NOT_SET;
 }
diff --git a/src/main/java/org/dependencytrack/util/NotificationUtil.java b/src/main/java/org/dependencytrack/util/NotificationUtil.java
index 77df7f7026..73a56b3809 100644
--- a/src/main/java/org/dependencytrack/util/NotificationUtil.java
+++ b/src/main/java/org/dependencytrack/util/NotificationUtil.java
@@ -171,6 +171,9 @@ public static void analyzeNotificationCriteria(final QueryManager qm, Analysis a
 case RESOLVED:
 title = NotificationConstants.Title.ANALYSIS_DECISION_RESOLVED;
 break;
+ case RESOLVED_WITH_PEDIGREE:
+ title = NotificationConstants.Title.ANALYSIS_DECISION_RESOLVED_WITH_PEDIGREE;
+ break;
 }
 } else if (suppressionChange) {
 if (analysis.isSuppressed()) {
diff --git a/src/test/java/org/dependencytrack/notification/NotificationConstantsTest.java b/src/test/java/org/dependencytrack/notification/NotificationConstantsTest.java
index fcb1989594..460bc073e6 100644
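Review bot: On the export side (first ModelConverter hunk), the new case emits `State.RESOLVED_WITH_PEDIGREE` unconditionally, which tells downstream consumers that remediation evidence sits in the component's pedigree. If the exported component has no pedigree, the document carries a claim nobody can verify. A comment on the new case would make the gap explicit, e.g. `// CycloneDX expects evidence in the component's pedigree; presence is not checked here`. Both switches (this one and `convertCdxVulnAnalysisStateToDtAnalysisState` in the second hunk) keep a silent `default`, so a round-trip test for the new state would stop the mapping from quietly regressing to `null` or `NOT_SET`. Both methods begin outside their hunks.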
--- a/src/test/java/org/dependencytrack/notification/NotificationConstantsTest.java
+++ b/src/test/java/org/dependencytrack/notification/NotificationConstantsTest.java
@@ -47,5 +47,6 @@ void testConstants() {
 Assertions.assertEquals("Analysis Decision: Finding Suppressed", NotificationConstants.Title.ANALYSIS_DECISION_SUPPRESSED);
 Assertions.assertEquals("Analysis Decision: Finding UnSuppressed", NotificationConstants.Title.ANALYSIS_DECISION_UNSUPPRESSED);
 Assertions.assertEquals("Analysis Decision: Finding Resolved", NotificationConstants.Title.ANALYSIS_DECISION_RESOLVED);
+ Assertions.assertEquals("Analysis Decision: Finding Resolved By Pedigree", NotificationConstants.Title.ANALYSIS_DECISION_RESOLVED_WITH_PEDIGREE);
 }
 }