duplicates are created in jira

[loschakov]

Bug description
Duplicates(By duplicate, I mean a completely identical task) are created in jira for some findings from Dependency-track. Deduplication is enabled. duplicates are not created for all findings. Judging by the logs, they should not be created.

Steps to reproduce
Steps to reproduce the behavior:

1. create test
2. upload fpf file
3. import to jira

Expected behavior
Only one task is created for each finding.

Deployment method (select with an X)

• Docker Compose
• Kubernetes
• GoDojo

Environment information

• Operating System: RHEL 7.9
• Docker Compose 1.18.0
• DefectDojo version 2.38.4

Logs
[27/Mar/2025 09:50:48] DEBUG [dojo.jira_link.helper:200] found jira_project 32: SDL(https://tracker.xxx.ru) for Engagement 37: testdublicates (Feb 25, 2025)
[27/Mar/2025 09:50:48] DEBUG [dojo.jira_link.helper:231] found jira_instance Prediction Jira | https://tracker.xxx.ru | defectdojo for vite:5.4.6 Affected By: CVE-2025-24010 (NVD)
[27/Mar/2025 09:50:48] DEBUG [dojo.jira_link.helper:809] sending fields to JIRA: {'project': {'key': 'SDL'}, 'issuetype': {'name': 'Defect'}, 'summary': 'vite:5.4.6 Affected By: CVE-2025-24010 (NVD)', 'description': '\n\n\n\n\n\nSeverity: Medium\n\n\nDue Date: June 25, 2025\n\n\n\nCWE: [CWE-346|https://cwe.mitre.org/data/definitions/346.html]\n\n\n\nCVE: [GHSA-vg6x-rcgg-rjx6|https://github.com/advisories/GHSA-vg6x-rcgg-rjx6]\n\n\n\nCVSSv3 Score: 6.5 \n\n\n\n\n\n\n\n\n\n\n\nVulnerable Component: vite - 5.4.6\n\n\n\n\nSource File: pkg:npm/vite@5.4.6\n\n\n\n\nDescription:\nYou are using a component with a known vulnerability. Version 5.4.6 of the vite component is affected by the vulnerability with an id of CVE-2025-24010 as identified by snykId.\nThe purl of the affected component is: pkg:npm/vite@5.4.6.\nVulnerability Description: Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.\n\n\n\n\n\n\n\n\n\n', 'labels': ['GHSA-vg6x-rcgg-rjx6', 'CVE-2025-24010'], 'priority': {'name': 'Medium'}, 'assignee': {'name': 'George'}}
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:811] saving JIRA_Issue for SDL-91 finding 11826
[27/Mar/2025 09:50:50] INFO [dojo.jira_link.helper:818] Created the following jira issue for 11826:<class 'dojo.models.Finding'>: vite:5.4.6 Affected By: CVE-2025-24010 (NVD)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:826] new issue created with assignee George Ilia
[27/Mar/2025 09:50:50] DEBUG [dojo.utils:2263] getting images for <class 'dojo.models.Finding'>:vite:5.4.6 Affected By: CVE-2025-24010 (NVD)
[27/Mar/2025 09:50:50] INFO [celery.app.trace:128] Task dojo.jira_link.helper.add_jira_issue_for_finding[208a8de5-adc6-4eb7-bcb9-5ab2b79671f7] succeeded in 2.3333231434226036s: True
[27/Mar/2025 09:50:50] INFO [celery.worker.strategy:161] Task dojo.jira_link.helper.add_jira_issue_for_finding[2c159697-71c9-4eb9-9479-c2aa02af59cf] received
[27/Mar/2025 09:50:50] DEBUG [celery.pool:149] TaskPool: Apply <function fast_trace_task at 0x7f4f944a51c0> (args:('dojo.jira_link.helper.add_jira_issue_for_finding', '2c159697-71c9-4eb9-9479-c2aa02af59cf', {'lang': 'py', 'task': 'dojo.jira_link.helper.add_jira_issue_for_finding', 'id': '2c159697-71c9-4eb9-9479-c2aa02af59cf', 'shadow': None, 'eta': None, 'expires': None, 'group': None, 'group_index': None, 'retries': 0, 'timelimit': [None, None], 'root_id': 'ba809b11-083a-4db0-8d39-ddcd473c899a', 'parent_id': 'ba809b11-083a-4db0-8d39-ddcd473c899a', 'argsrepr': '(11827,)', 'kwargsrepr': "{'async_user': None}", 'origin': 'gen1@7e543173517b', 'ignore_result': True, 'replaced_task_nesting': 0, 'stamped_headers': None, 'stamps': {}, 'properties': {'correlation_id': '2c159697-71c9-4eb9-9479-c2aa02af59cf', 'reply_to': '74680716-bae2-35c3-b21e-646babd9c150', 'delivery_mode': 2, 'delivery_info': {'exchange': '', 'routing_key': 'celery'}, 'priority': 0, 'body_encoding': 'base64', 'delivery_tag': '123085d7-8a39-4b5b-8283-d06dedd866dd'}, 'reply_to': '74680716-bae2-35c3-b21e-646babd9c150', 'correlation_id':... kwargs:{})
[27/Mar/2025 09:50:50] DEBUG [dojo.decorators:99] args:(11827,)
[27/Mar/2025 09:50:50] DEBUG [dojo.decorators:100] kwargs:{'async_user': None}
[27/Mar/2025 09:50:50] DEBUG [dojo.decorators:102] checking if we need to convert id to model: Finding for parameter: 0
[27/Mar/2025 09:50:50] DEBUG [dojo.decorators:142] model_or_id: 11827
[27/Mar/2025 09:50:50] DEBUG [dojo.decorators:25] user: None
[27/Mar/2025 09:50:50] DEBUG [dojo.decorators:31] dojo_async_task <function add_jira_issue_for_finding at 0x7f4f9008ed40>: no current user, running task in the background
[27/Mar/2025 09:50:50] DEBUG [dojo.decorators:108] instantiating model_or_id: 11827 for model: <class 'dojo.models.Finding'>
[27/Mar/2025 09:50:50] INFO [dojo.jira_link.helper:747] trying to create a new jira issue for 11827:<class 'dojo.models.Finding'>: vite:5.4.6 Affected By: CVE-2025-30208 (NVD)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:200] found jira_project 32: SDL(https://tracker.xxx.ru) for Engagement 37: testdublicates (Feb 25, 2025)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:200] found jira_project 32: SDL(https://tracker.xxx.ru) for Engagement 37: testdublicates (Feb 25, 2025)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:200] found jira_project 32: SDL(https://tracker.xxx.ru) for Engagement 37: testdublicates (Feb 25, 2025)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:231] found jira_instance Prediction Jira | https://tracker.xxx.ru | defectdojo for vite:5.4.6 Affected By: CVE-2025-30208 (NVD)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:200] found jira_project 32: SDL(https://tracker.xxx.ru) for Engagement 37: testdublicates (Feb 25, 2025)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:134] can_be_pushed_to_jira: True, True, Medium
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:768] Trying to create a new JIRA issue for <class 'dojo.models.Finding'>: vite:5.4.6 Affected By: CVE-2025-30208 (NVD)...
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:394] logged in to JIRA https://tracker.xxx.ru successfully
[27/Mar/2025 09:50:50] DEBUG [dojo.utils:2236] getting product for <class 'dojo.models.Finding'>:vite:5.4.6 Affected By: CVE-2025-30208 (NVD)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:200] found jira_project 32: SDL(https://tracker.xxx.ru) for Engagement 37: testdublicates (Feb 25, 2025)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:200] found jira_project 32: SDL(https://tracker.xxx.ru) for Engagement 37: testdublicates (Feb 25, 2025)
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:600] rendering description for jira from: issue-trackers/jira_iw/jira-description.tpl
[27/Mar/2025 09:50:50] DEBUG [dojo.jira_link.helper:609] rendered description:
...
[27/Mar/2025 09:50:53] DEBUG [dojo.jira_link.helper:200] found jira_project 32: SDL(https://tracker.xxx.ru) for Engagement 37: testdublicates (Feb 25, 2025)
[27/Mar/2025 09:50:53] DEBUG [dojo.jira_link.helper:231] found jira_instance Prediction Jira | https://tracker.xxx.ru | defectdojo for vite:5.4.6 Affected By: CVE-2025-24010 (NVD)
[27/Mar/2025 09:50:53] DEBUG [dojo.jira_link.helper:809] sending fields to JIRA: {'project': {'key': 'SDL'}, 'issuetype': {'name': 'Defect'}, 'summary': 'vite:5.4.6 Affected By: CVE-2025-24010 (NVD)', 'description': '\n\n\n\n\n\nSeverity: Medium\n\n\nDue Date: June 25, 2025\n\n\n\nCWE: [CWE-346|https://cwe.mitre.org/data/definitions/346.html]\n\n\n\nCVE: [GHSA-vg6x-rcgg-rjx6|https://github.com/advisories/GHSA-vg6x-rcgg-rjx6]\n\n\n\nCVSSv3 Score: 6.5 \n\n\n\n\n\n\n\n\n\n\n\nVulnerable Component: vite - 5.4.6\n\n\n\n\nSource File: pkg:npm/vite@5.4.6\n\n\n\n\nDescription:\nYou are using a component with a known vulnerability. Version 5.4.6 of the vite component is affected by the vulnerability with an id of CVE-2025-24010 as identified by snykId.\nThe purl of the affected component is: pkg:npm/vite@5.4.6.\nVulnerability Description: Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.\n\n\n\n\n\n\n\n\n\n', 'labels': ['GHSA-vg6x-rcgg-rjx6', 'CVE-2025-24010'], 'priority': {'name': 'Medium'}, 'assignee': {'name': 'George'}}
[27/Mar/2025 09:50:54] DEBUG [dojo.jira_link.helper:811] saving JIRA_Issue for SDL-93 finding 11826
[27/Mar/2025 09:50:54] ERROR [dojo.jira_link.helper:742] duplicate key value violates unique constraint "dojo_jira_issue_finding_id_key"
DETAIL: Key (finding_id)=(11826) already exists.
Traceback (most recent call last):
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 105, in _execute
return self.cursor.execute(sql, params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/psycopg/cursor.py", line 97, in execute
raise ex.with_traceback(None)
psycopg.errors.UniqueViolation: duplicate key value violates unique constraint "dojo_jira_issue_finding_id_key"
DETAIL: Key (finding_id)=(11826) already exists.

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/app/dojo/jira_link/helper.py", line 816, in add_jira_issue
j_issue.save()
File "/usr/local/lib/python3.11/site-packages/django/db/models/base.py", line 822, in save
self.save_base(
File "/usr/local/lib/python3.11/site-packages/django/db/models/base.py", line 909, in save_base
updated = self._save_table(
^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/base.py", line 1071, in _save_table
results = self._do_insert(
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/base.py", line 1112, in _do_insert
return manager._insert(
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/manager.py", line 87, in manager_method
return getattr(self.get_queryset(), name)(args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/query.py", line 1847, in _insert
return query.get_compiler(using=using).execute_sql(returning_fields)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/models/sql/compiler.py", line 1823, in execute_sql
cursor.execute(sql, params)
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 122, in execute
return super().execute(sql, params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 79, in execute
return self._execute_with_wrappers(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 92, in _execute_with_wrappers
return executor(sql, params, many, context)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 100, in _execute
with self.db.wrap_database_errors:
File "/usr/local/lib/python3.11/site-packages/django/db/utils.py", line 91, in exit
raise dj_exc_value.with_traceback(traceback) from exc_value
File "/usr/local/lib/python3.11/site-packages/django/db/backends/utils.py", line 105, in _execute
return self.cursor.execute(sql, params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/psycopg/cursor.py", line 97, in execute
raise ex.with_traceback(None)
django.db.utils.IntegrityError: duplicate key value violates unique constraint "dojo_jira_issue_finding_id_key"
DETAIL: Key (finding_id)=(11826) already exists.
[27/Mar/2025 09:50:54] ERROR [dojo.jira_link.helper:743] Failed to create jira issue with the following payload: {'project': {'key': 'SDL'}, 'issuetype': {'name': 'Defect'}, 'summary': 'vite:5.4.6 Affected By: CVE-2025-24010 (NVD)', 'description': '\n\n\n\n\n\nSeverity:* Medium\n\n\nDue Date: June 25, 2025\n\n\n\nCWE: [CWE-346|https://cwe.mitre.org/data/definitions/346.html]\n\n\n\nCVE: [GHSA-vg6x-rcgg-rjx6|https://github.com/advisories/GHSA-vg6x-rcgg-rjx6]\n\n\n\nCVSSv3 Score: 6.5 \n\n\n\n\n\n\n\n\n\n\n\nVulnerable Component: vite - 5.4.6\n\n\n\n\nSource File: pkg:npm/vite@5.4.6\n\n\n\n\nDescription:\nYou are using a component with a known vulnerability. Version 5.4.6 of the vite component is affected by the vulnerability with an id of CVE-2025-24010 as identified by snykId.\nThe purl of the affected component is: pkg:npm/vite@5.4.6.\nVulnerability Description: Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.\n\n\n\n\n\n\n\n\n\n', 'labels': ['GHSA-vg6x-rcgg-rjx6', 'CVE-2025-24010'], 'priority': {'name': 'Medium'}, 'assignee': {'name': 'George'}} - duplicate key value violates unique constraint "dojo_jira_issue_finding_id_key"
DETAIL: Key (finding_id)=(11826) already exists.
[27/Mar/2025 09:50:54] DEBUG [dojo.utils:2236] getting product for <class 'dojo.models.Finding'>:vite:5.4.6 Affected By: CVE-2025-24010 (NVD)
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:48] creating system notifications for event: jira_update
[27/Mar/2025 09:50:54] DEBUG [dojo.utils:2236] getting product for <class 'dojo.models.Finding'>:vite:5.4.6 Affected By: CVE-2025-24010 (NVD)
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:77] Defined product of obj testsdl
[27/Mar/2025 09:50:54] DEBUG [dojo.decorators:25] user: None
[27/Mar/2025 09:50:54] DEBUG [dojo.decorators:31] dojo_async_task None: no current user, running task in the background
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:166] sending notification asynchronously
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:167] process notifications for None
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:168] notifications: {'_state': <django.db.models.base.ModelState object at 0x7f4f8db89410>, 'id': None, 'product_type_added': ('alert', 'alert'), 'product_added': ('alert', 'alert'), 'engagement_added': ('alert', 'alert'), 'test_added': ('alert', 'alert'), 'scan_added': ('alert', 'alert'), 'scan_added_empty': [], 'jira_update': ('alert', 'alert'), 'upcoming_engagement': ('alert', 'alert'), 'stale_engagement': ('alert', 'alert'), 'auto_close_engagement': ('alert', 'alert'), 'close_engagement': ('alert', 'alert'), 'user_mentioned': ('alert', 'alert'), 'code_review': ('alert', 'alert'), 'review_requested': ('alert', 'alert'), 'other': ('alert', 'alert'), 'user_id': None, 'product_id': None, 'template': False, 'sla_breach': ('alert', 'alert'), 'risk_acceptance_expiration': ('alert', 'alert'), 'sla_breach_combined': ('alert', 'alert')}
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:187] Sending Alert to None
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:313] sending alert notification to None
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:148] template not found or not implemented yet: notifications/alert/jira_update.tpl
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:85] creating personal notifications for event: jira_update
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:100] Filtering users for the product testsdl
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:113] Authorized user for the product (Platform)
[27/Mar/2025 09:50:54] DEBUG [dojo.decorators:25] user: None
[27/Mar/2025 09:50:54] DEBUG [dojo.decorators:31] dojo_async_task None: no current user, running task in the background
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:166] sending notification asynchronously
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:167] process notifications for (Platform)
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:168] notifications: {'_state': <django.db.models.base.ModelState object at 0x7f4f91f7ef90>, 'id': 2, 'product_type_added': ['alert', 'alert'], 'product_added': ['alert', 'alert'], 'engagement_added': ['alert', 'alert'], 'test_added': ['alert', 'alert'], 'scan_added': ['alert', 'alert'], 'scan_added_empty': [], 'jira_update': ['alert', 'alert'], 'upcoming_engagement': ['alert', 'alert'], 'stale_engagement': ['alert', 'alert'], 'auto_close_engagement': ['alert', 'alert'], 'close_engagement': ['alert', 'alert'], 'user_mentioned': ['alert', 'alert'], 'code_review': ['alert', 'alert'], 'review_requested': ['alert', 'alert'], 'other': ['alert', 'alert'], 'user_id': 3, 'product_id': None, 'template': False, 'sla_breach': ['alert', 'alert'], 'risk_acceptance_expiration': ['alert', 'alert'], 'sla_breach_combined': ['alert', 'alert']}
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:187] Sending Alert to (Platform)
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:313] sending alert notification to (Platform)
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:148] template not found or not implemented yet: notifications/alert/jira_update.tpl
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:113] Authorized user for the product Admin User (admin)
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:118] User Admin User (admin) is superuser
[27/Mar/2025 09:50:54] DEBUG [dojo.decorators:25] user: None
[27/Mar/2025 09:50:54] DEBUG [dojo.decorators:31] dojo_async_task None: no current user, running task in the background
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:166] sending notification asynchronously
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:167] process notifications for Admin User (admin)
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:168] notifications: {'_state': <django.db.models.base.ModelState object at 0x7f4f8db89410>, 'id': None, 'product_type_added': ('alert', 'alert'), 'product_added': ('alert', 'alert'), 'engagement_added': ('alert', 'alert'), 'test_added': ('alert', 'alert'), 'scan_added': ('alert', 'alert'), 'scan_added_empty': [], 'jira_update': ('alert', 'alert'), 'upcoming_engagement': ('alert', 'alert'), 'stale_engagement': ('alert', 'alert'), 'auto_close_engagement': ('alert', 'alert'), 'close_engagement': ('alert', 'alert'), 'user_mentioned': ('alert', 'alert'), 'code_review': ('alert', 'alert'), 'review_requested': ('alert', 'alert'), 'other': ('alert', 'alert'), 'user_id': 1, 'product_id': None, 'template': False, 'sla_breach': ('alert', 'alert'), 'risk_acceptance_expiration': ('alert', 'alert'), 'sla_breach_combined': ('alert', 'alert')}
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:187] Sending Alert to Admin User (admin)
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:313] sending alert notification to Admin User (admin)
[27/Mar/2025 09:50:54] DEBUG [dojo.notifications.helper:148] template not found or not implemented yet: notifications/alert/jira_update.tpl
[27/Mar/2025 09:50:55] INFO [celery.app.trace:128] Task dojo.jira_link.helper.add_jira_issue_for_finding[04ba0282-d913-4c89-87c7-67d79a206db1] succeeded in 2.0699609303846955s: False
[27/Mar/2025 09:50:55] INFO [celery.worker.strategy:161] Task dojo.jira_link.helper.add_jira_issue_for_finding[f72d0be5-241d-4bfc-9875-0379fb00e9c5] received
[27/Mar/2025 09:50:55] DEBUG [celery.pool:149] TaskPool: Apply <function fast_trace_task at 0x7f4f944a51c0> (args:('dojo.jira_link.helper.add_jira_issue_for_finding', 'f72d0be5-241d-4bfc-9875-0379fb00e9c5', {'lang': 'py', 'task': 'dojo.jira_link.helper.add_jira_issue_for_finding', 'id': 'f72d0be5-241d-4bfc-9875-0379fb00e9c5', 'shadow': None, 'eta': None, 'expires': None, 'group': None, 'group_index': None, 'retries': 0, 'timelimit': [None, None], 'root_id': '6c145850-2922-4d55-8fed-4e79f2fe13e2', 'parent_id': '6c145850-2922-4d55-8fed-4e79f2fe13e2', 'argsrepr': '(11827,)', 'kwargsrepr': "{'async_user': None}", 'origin': 'gen1@7e543173517b', 'ignore_result': True, 'replaced_task_nesting': 0, 'stamped_headers': None, 'stamps': {}, 'properties': {'correlation_id': 'f72d0be5-241d-4bfc-9875-0379fb00e9c5', 'reply_to': '74680716-bae2-35c3-b21e-646babd9c150', 'delivery_mode': 2, 'delivery_info': {'exchange': '', 'routing_key': 'celery'}, 'priority': 0, 'body_encoding': 'base64', 'delivery_tag': '7501ac00-3f69-4ec7-bd0e-2ad64fe3dd65'}, 'reply_to': '74680716-bae2-35c3-b21e-646babd9c150', 'correlation_id':... kwargs:{})
[27/Mar/2025 09:50:55] DEBUG [dojo.decorators:99] args:(11827,)
[27/Mar/2025 09:50:55] DEBUG [dojo.decorators:100] kwargs:{'async_user': None}
[27/Mar/2025 09:50:55] DEBUG [dojo.decorators:102] checking if we need to convert id to model: Finding for parameter: 0
[27/Mar/2025 09:50:55] DEBUG [dojo.decorators:142] model_or_id: 11827
[27/Mar/2025 09:50:55] DEBUG [dojo.decorators:25] user: None

Sample scan files
fpfwithvite.json

[paulOsinski]

Hi @loschakov , do your Jira issues link back to different Findings in DefectDojo (different Finding IDs), or do you have multiple Jira issues that are linked to the same Finding ID in DefectDojo?

[valentijnscholten]

@loschakov Are you able to consistently reproduce this with the latest Defect Dojo? I can imagine there could be some race conditions causing this, but it should not be structural. Can you update to the latest Defect Dojo as 2.38.x is relatively old.

I notice your step 3 is "import to JIRA". What do you mean by that? Do you use bulk import to push to JIRA or do you specify push to jira parameters in the import request or UI?

[loschakov]

@paulOsinski, problems in jira are associated with a single search result

[loschakov]

@valentijnscholten I have updated defectdojo to version 2.45.1, but the problem persists. Push all issues is enabled for engagement. I upload the fpf fromdependency track through the ui and automatically all the findings are sent to jira.

[valentijnscholten]

I am not able to reproduce this locally. Are you using ASYNC_IMPORT by any chance? If not, can you provide screenshots of all JIRA related settings. So screenshot of the JIRA Instance, JIRA Project, Product JIRA settings and engagement JIRA settings. As well as screenshot of the values chosing on the import or reimport screen.

[loschakov]

in settings.dist.py DD_ASYNC_FINDING_IMPORT=(bool, False) by default.

another fpf where it reproduce

dmfrontppf.json

settings jira

jira instance

product jira settings

engagement jira settings

results in jira

[valentijnscholten]

Thank you, but what settings do you choose when uploading the report? What does the resulting Test in DefectDojo look like?

When I try this locally I am seeing that these findings are created twice in Defect Dojo. And then each of them gets sent to JIRA correctly. Based on this it looks like findings are created twice in Defect Dojo is the root cause or root question I will take a look at.

[valentijnscholten]

I can see only GHSA-x574-m823-4x7w in multiple findings. But this makes sense as the report contains this vulnerability twice. Once for vite 6.2.0 and once for 6.2.5. I wonder if there's something in your instance that makes it behave differently, for example the hash_code config? Can you try to reproduce with a fresh instance or the demo instance?