Support EPSS Score and EPSS Percentile for Aqua scan

[mahesh-ppro]

I was exploring the features of defectdojo and particularly looking for AQUASEC related scans. The scan downloaded from aqua contains the epss_score and epss_percentile fields. But when we upload the scan to defectdojo those fields get ignored. Is there a feature request for this already raised and tracked anywhere else. If not it would be great if we can get support for this.

[mtesauro]

I suspect that the parser for Aquasec was written before they started adding those into their tool's output.

Looking at the parser code and the most recent files used for unit tests, I don't see anything for EPSS.

If you can provide a sanitized example output from Aquasec, that will make it possible for someone to update how that parser works assuming you're not able to be a PR yourself.

Would be thrilled with a PR if you're able, look here for details:

• https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md
• https://documentation.defectdojo.com/contributing/how-to-write-a-parser/

[mtesauro]

BTW, EPSS is stored in DefectDojo when a tool provides it (and the parser knows to extract it)

https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/models.py#L2275

[kiblik]

I noticed that since #10611 (#10616), we have available example file with epss_score and epss_percentile: https://github.com/search?q=repo%3ADefectDojo%2Fdjango-DefectDojo+path%3A%2F%5Eunittests%5C%2Fscans%5C%2Faqua%5C%2F%2F+epss_score&type=code

I believe some good soul might help here to extent the existing parser.

[manuel-sommer]

Could you close this issue please?