🎉 Add fix_available to Trivy (#13057)

manuel-sommer · web-flow · commit 64e1754e4c39 · 2025-08-29T18:42:33.000+02:00
* 🎉 Add fix_available to Trivy

* review
diff --git a/docs/content/en/connecting_your_tools/parsers/file/trivy.md b/docs/content/en/connecting_your_tools/parsers/file/trivy.md
@@ -32,3 +32,6 @@ By default, DefectDojo identifies duplicate Findings using these [hashcode field
 - vulnerability ids
 - cwe
 - description
+
+### Field fix_available
+In case a mitigation is available, then field 'fix_available' is set to True. 
diff --git a/dojo/tools/trivy/parser.py b/dojo/tools/trivy/parser.py
@@ -289,6 +289,9 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
                 package_version = vuln.get("InstalledVersion", "")
                 references = "\n".join(vuln.get("References", []))
                 mitigation = vuln.get("FixedVersion", "")
+                fix_available = True
+                if mitigation == "":
+                    fix_available = False
                 impact = vuln.get("Status", "")
                 status_fields = self.convert_trivy_status(vuln.get("Status", ""))
                 cwe = int(vuln["CweIDs"][0].split("-")[1]) if len(vuln.get("CweIDs", [])) > 0 else 0
@@ -317,6 +320,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
                     cvssv3_score=cvssv3_score,
                     static_finding=True,
                     dynamic_finding=False,
+                    fix_available=fix_available,
                     tags=[vul_type, target_class],
                     service=service_name,
                     **status_fields,
@@ -370,6 +374,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
                     references=references,
                     description=description,
                     mitigation=misc_resolution,
+                    fix_available=True,
                     static_finding=True,
                     dynamic_finding=False,
                     tags=[target_type, target_class],
@@ -402,6 +407,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
                     line=secret_start_line,
                     static_finding=True,
                     dynamic_finding=False,
+                    fix_available=True,
                     tags=[target_class],
                     service=service_name,
                 )
@@ -435,6 +441,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
                     url=license_link,
                     static_finding=True,
                     dynamic_finding=False,
+                    fix_available=True,
                     tags=[target_class],
                     service=service_name,
                 )
diff --git a/unittests/tools/test_trivy_parser.py b/unittests/tools/test_trivy_parser.py
@@ -71,6 +71,7 @@ def test_scheme_2_many_vulns(self):
             self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", finding.cvssv3)
             self.assertTrue(finding.static_finding)
             self.assertFalse(finding.dynamic_finding)
+            self.assertTrue(finding.fix_available)
 
     def test_misconfigurations_and_secrets(self):
         with sample_path("misconfigurations_and_secrets.json").open(encoding="utf-8") as test_file:
