From 42486628a94af1fadb86c0e8fb12142b3c0f8e8b Mon Sep 17 00:00:00 2001 From: Valentijn Scholten Date: Tue, 23 Dec 2025 19:40:45 +0100 Subject: [PATCH 1/3] Fix: Suppress expected JIRA validation alerts when auto-pushing Fixes #12988 When 'Push all issues' is enabled at the engagement level, DefectDojo attempts to automatically push all findings to JIRA during import/reimport. This causes alerts to be created for every finding that cannot be pushed due to expected validation failures (e.g., not verified, not active, below minimum threshold). These alerts flood the Alerts UI with noise since these are expected conditions, not actual errors. The fix distinguishes between: - Expected validation failures: Findings that aren't ready to be pushed (not verified/active, below threshold, etc.) - these are logged but don't create alerts - Unexpected errors: Configuration issues, connection problems, etc. - these still create alerts as they indicate real problems This ensures users only see alerts for actual problems while still logging expected validation failures for debugging purposes. --- dojo/jira_link/helper.py | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index 9dbbd6deeee..b59bf162e67 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py @@ -893,13 +893,30 @@ def failure_to_add_message(message: str, exception: Exception, _: Any) -> bool: jira_project = get_jira_project(obj) jira_instance = get_jira_instance(obj) - obj_can_be_pushed_to_jira, error_message, _error_code = can_be_pushed_to_jira(obj) + obj_can_be_pushed_to_jira, error_message, error_code = can_be_pushed_to_jira(obj) if not obj_can_be_pushed_to_jira: + # Expected validation failures (not verified, not active, below threshold) + # should not create alerts when auto-pushing via "push all issues" + # These are expected conditions that don't indicate a problem + expected_validation_errors = [ + "error_not_active_or_verified", + "error_below_minimum_threshold", + "error_empty", + "error_inactive", + ] + # not sure why this check is not part of can_be_pushed_to_jira, but afraid to change it if isinstance(obj, Finding) and obj.duplicate and not obj.active: logger.warning("%s will not be pushed to JIRA as it's a duplicate finding", to_str_typed(obj)) - log_jira_cannot_be_pushed_reason(error_message + " and findis a duplicate", obj) + # Duplicates are expected, don't create alerts + logger.info("%s cannot be pushed to JIRA: %s (expected - duplicate finding)", + to_str_typed(obj), error_message) + elif error_code in expected_validation_errors: + # These are expected when auto-pushing, only log, don't alert + logger.info("%s cannot be pushed to JIRA: %s (expected - finding not ready yet)", + to_str_typed(obj), error_message) else: + # Unexpected errors (configuration issues, etc.) should still alert log_jira_cannot_be_pushed_reason(error_message, obj) logger.warning("%s cannot be pushed to JIRA: %s.", to_str_typed(obj), error_message) logger.warning("The JIRA issue will NOT be created.") From 8c39ebea0da5a851130cfd56fb27046f25f2730b Mon Sep 17 00:00:00 2001 From: Valentijn Scholten Date: Wed, 24 Dec 2025 20:22:26 +0100 Subject: [PATCH 2/3] fix --- dojo/jira_link/helper.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index 2daaec3b4d4..0e81bef214a 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py @@ -902,12 +902,11 @@ def failure_to_add_message(message: str, exception: Exception, _: Any) -> bool: jira_project = get_jira_project(obj) jira_instance = get_jira_instance(obj) - if not jira_instance: message = f"Object {obj.id} cannot be pushed to JIRA as the JIRA instance has been deleted or is not available." return failure_to_add_message(message, None, obj) - obj_can_be_pushed_to_jira, error_message, _error_code = can_be_pushed_to_jira(obj) + obj_can_be_pushed_to_jira, error_message, error_code = can_be_pushed_to_jira(obj) if not obj_can_be_pushed_to_jira: # Expected validation failures (not verified, not active, below threshold) # should not create alerts when auto-pushing via "push all issues" From 8a84b820145a1f402d73ab38210069df4186b853 Mon Sep 17 00:00:00 2001 From: valentijnscholten Date: Mon, 29 Dec 2025 18:27:32 +0100 Subject: [PATCH 3/3] Update dojo/jira_link/helper.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> --- dojo/jira_link/helper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index 0e81bef214a..e59eab31a8c 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py @@ -920,7 +920,7 @@ def failure_to_add_message(message: str, exception: Exception, _: Any) -> bool: # not sure why this check is not part of can_be_pushed_to_jira, but afraid to change it if isinstance(obj, Finding) and obj.duplicate and not obj.active: - logger.warning("%s will not be pushed to JIRA as it's a duplicate finding", to_str_typed(obj)) + logger.info("%s will not be pushed to JIRA as it's a duplicate finding", to_str_typed(obj)) # Duplicates are expected, don't create alerts logger.info("%s cannot be pushed to JIRA: %s (expected - duplicate finding)", to_str_typed(obj), error_message)