Configurable Source AVIT ID Key with Migration Support #70
Open
cx-apoorva-singh wants to merge 4 commits into pre_release_2.0.1 from
Conversation
cx-rakesh-kadu
requested changes
Apr 9, 2026
…9e510026f72021153af1b.js Removed the aggregate lookup when simiId + resultHash is selected. If simiId + resultHash is selected and apply_migration is true, then the lookup will be only performed on existing data.
cx-rakesh-kadu
requested changes
Apr 14, 2026
Removal of dateGenerate function from closureIntegration; also, if apply_migration is true, creating parameter for latest scan even if old scanId is not found, to close those findings which were not migrated because of duplicate source_avit_id
cx-rakesh-kadu
approved these changes
Apr 14, 2026
Configurable Source AVIT ID Key for SAST Findings with Migration Support & Aggregation Enhancements
Summary
This PR introduces a configurable Source AVIT ID Key mechanism for SAST findings, enabling customers to control how source_avit_id is generated. It also provides a migration path from legacy key formats to the new format, along with enhancements to improve visibility and aggregation of related findings.
Key Features & Enhancements
- Added a new Configure Source AVIT ID Key option.
- Allows customers to define how source_avit_id is computed for SAST findings.
- Introduced:
  - Select Old Source AVIT ID Key
  - Migrate existing AVITs to New Source AVIT ID (toggle)
- When enabled:
  - Existing AVITs using the old key format are re-keyed to the new format during the next integration run.
  - Migration uses the selected old key format for accurate lookup.
- When multiple SAST findings share the same source_avit_id:
  - Their links are aggregated in the Source Vulnerability Summary field.
  - A maximum of 30 links are appended (existingCounter <= 30).
  - The Dependency Type field reflects the count of such findings.
- Re-triggering the same scan:
  - Does not duplicate links in the Source Vulnerability Summary.
  - Does not incorrectly increment the Dependency Type count.
- Save & Test validation ensures:
  - Configure Source AVIT ID Key cannot be empty.
  - When migration is enabled:
    - Select Old Source AVIT ID Key cannot be empty.
    - Old and new key selections cannot be the same.
- During migration:
  - Full URL display text in source_vulnerability_summary is replaced with resultHash.
- Changes apply only to SAST findings.
- Other scan types remain unaffected:
  - SCA
  - KICS
  - Containers
  - Secret Detection
  - ScoreCard
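
The Save & Test rules and the re-trigger-safe aggregation described above, as an added example that is not code from this PR or the project. All function names, the `_` separator used to build the ID, the finding field `link`, and the choice to keep counting findings past the 30-link cap are assumptions made for illustration.

```javascript
// Added illustration: every name below is hypothetical, not the integration's code.
const MAX_LINKS = 30; // cap on aggregated links stated in the PR description

// Save & Test rules: new key required; with migration on, old key required and different.
function validateConfig({ newKey, oldKey, applyMigration }) {
  const errors = [];
  if (!newKey) errors.push('Configure Source AVIT ID Key cannot be empty');
  if (applyMigration) {
    if (!oldKey) errors.push('Select Old Source AVIT ID Key cannot be empty');
    else if (oldKey === newKey) errors.push('Old and new key selections cannot be the same');
  }
  return errors;
}

// Assumed key construction: join the configured fields with '_'.
function sourceAvitId(finding, keyFields) {
  return keyFields.map((f) => String(finding[f])).join('_');
}

// Group findings by source_avit_id. Links are de-duplicated, so re-running
// the same scan changes neither the link list nor the count.
function aggregate(store, findings, keyFields) {
  for (const finding of findings) {
    const id = sourceAvitId(finding, keyFields);
    const rec = store.get(id) || { links: [], seen: new Set() };
    if (!rec.seen.has(finding.link)) {
      rec.seen.add(finding.link);
      if (rec.links.length < MAX_LINKS) rec.links.push(finding.link);
    }
    store.set(id, rec);
  }
  return store;
}

// Assumption: the count covers all distinct findings, including those past the cap.
function dependencyCount(store, id) {
  const rec = store.get(id);
  return rec ? rec.seen.size : 0;
}

// Constructed sample: two findings that share simiId + resultHash, run twice.
const demoScan = [
  { simiId: 'S1', resultHash: 'h1', link: 'https://example.invalid/results/1' },
  { simiId: 'S1', resultHash: 'h1', link: 'https://example.invalid/results/2' },
];
const demoStore = new Map();
aggregate(demoStore, demoScan, ['simiId', 'resultHash']);
aggregate(demoStore, demoScan, ['simiId', 'resultHash']); // re-trigger
console.log(demoStore.get('S1_h1').links.length, dependencyCount(demoStore, 'S1_h1'));
```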