ADDED: Documentation for DD minimum severity annotation in scans

Vanessa Hermann · Vanessa Hermann · commit 55b64495f2bb · 2023-06-23T11:59:34.000+02:00
diff --git a/hooks/persistence-defectdojo/.helm-docs.gotmpl b/hooks/persistence-defectdojo/.helm-docs.gotmpl
@@ -130,7 +130,7 @@ can add these via annotation to the scan. See examples below.
 | `defectdojo.securecodebox.io/engagement-deduplicate-on-engagement` | Deduplicate On Engagement  | false                                                                | Only used when creating the Engagement not used for updating                          |
 | `defectdojo.securecodebox.io/engagement-tags`                      | Engagement Tags            | Nothing                                                              | Only used when creating the Engagement not used for updating                          |
 | `defectdojo.securecodebox.io/test-title`                           | Test Title                 | Scan Name                                                            |                                                                                       |
-
+| `defectdojo.securecodebox.io/minimum_severity`                     | Minimum severity for findings created in DD    | Nothing                                          | Used to only create finding in DD, which are of a certain severity                    |
 ### Read-only Mode
 
 By default, the DefectDojo hook will pull the imported results from DefectDojo and use them to replace the results inside secureCodeBox.
@@ -220,6 +220,30 @@ helm upgrade --install dd secureCodeBox/persistence-defectdojo \
     --set="defectdojo.authentication.userId=42"
 ```
 
+### DefectDojo minimum severity
+
+It has come to our attention, that DefectDojo become slow when handling a lot of data. A lot of data in DefectDojo can be informational findings one likes to ignore.
+Therefore Defectdojo provides the option to only create findings for scan finding from a certain severity level and above, thus lowering the amount of data stored.
+We integrate this option in out scans by providing the "defectdojo.securecodebox.io/minimum_severity" annotation for scans.
+This is an example of how the minimum severity for findings of a scan can be set:
+```yaml
+apiVersion: "execution.securecodebox.io/v1"
+kind: ScheduledScan
+metadata:
+  name: "zap-juiceshop"
+  annotations:
+      defectdojo.securecodebox.io/minimum_severity: "Low"
+spec:
+  interval: 24h
+  scanSpec:
+    scanType: "zap-full-scan"
+    parameters:
+      - "-t"
+      - "http://juice-shop.demo-targets.svc:3000"
+```
+In this example only for scan findings with a severity of "Low" or higher there are findings in DefectDojo created.
+
+
 ### Simple Example Scans
 
 This will run a daily scan using ZAP on a demo target. The results will be imported using the name "zap-juiceshop-$UNIX_TIMESTAMP" (Name of the Scan created by the ScheduledScan), in a product called "zap-juiceshop" in the default DefectDojo product type.
