Importing Blackduck Binary Analysis reports does not populate the Vulnerability Id field

**Bug description**

When importing a BlackDuck Binary Analysis CSV report, the `vuln_id_from_tool` field gets populated with the CVE, but not the `vulnerability_id` field as it is not set.

https://github.com/DefectDojo/django-DefectDojo/blob/924c2c88645ad555193f9122c5eba2dc7bd5c65c/dojo/tools/blackduck_binary_analysis/parser.py#L93 

**Steps to reproduce**
Steps to reproduce the behavior:
1. Import a BlackDuck Binary Analysis CSV report
2. In the findings, the `Vuln ID from tool` shows the CVE of the finding, but the `Vulnerability Id` is empty

**Expected behavior**

Expected behavior would be that also the `Vulnerability Id` contains the CVE (for de-duplication etc.)

**Deployment method** *(select with an `X`)*
- [X] Docker Compose
- [ ] Kubernetes
- [ ] GoDojo

**Environment information**
 - DefectDojo version: `2.38.4`


**Sample scan files**

The problem can be reproduced with the scan test files for BlackDuck Binary Analysis https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck_binary_analysis

**Screenshots**

With the [one_vuln.csv](https://github.com/DefectDojo/django-DefectDojo/blob/master/unittests/scans/blackduck_binary_analysis/one_vuln.csv) scan:
<img width="775" alt="Image" src="https://github.com/user-attachments/assets/4ed57c3f-2048-45b7-bb97-bd1470c9896e" />


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Importing Blackduck Binary Analysis reports does not populate the Vulnerability Id field #12442

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Importing Blackduck Binary Analysis reports does not populate the Vulnerability Id field #12442

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions