Include analysis.detail from Dependency Track FPF in finding description

dojo/tools/dependency_track/parser.py

@@ -154,6 +154,9 @@ def _convert_dependency_track_finding_to_dojo_finding(self, dependency_track_fin
         analysis = dependency_track_finding.get("analysis")
         is_false_positive = bool(analysis is not None and analysis.get("state") == "FALSE_POSITIVE")
 
+        if analysis is not None and analysis.get("detail"):
+            vulnerability_description = f"Audit Detail: {analysis['detail']}\n\n{vulnerability_description}"
+
         # Get the EPSS details
         epss_percentile = dependency_track_finding["vulnerability"].get("epssPercentile", None)
 

unittests/scans/dependency_track/one_finding_with_analysis_detail.json

@@ -0,0 +1,42 @@
+{
+    "meta": {
+        "application": "Dependency-Track",
+        "version": "4.14.0",
+        "timestamp": "2026-01-01T00:00:00Z"
+    },
+    "findings": [
+        {
+            "component": {
+                "name": "log4j-core",
+                "project": "d38ebf15-96cd-4a01-9bca-7b49b5b0e7c4",
+                "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
+                "uuid": "c8a65fcd-dbf4-41eb-b1ec-55e67c91b22b",
+                "version": "2.14.1"
+            },
+            "attribution": {
+                "analyzerIdentity": "INTERNAL_ANALYZER",
+                "attributedOn": "2026-01-01 00:00:00.000"
+            },
+            "vulnerability": {
+                "uuid": "f8469ce4-019a-4482-8510-624dcf65f005",
+                "source": "NVD",
+                "vulnId": "CVE-2021-44228",
+                "severity": "CRITICAL",
+                "description": "Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP.",
+                "aliases": []
+            },
+            "analysis": {
+                "state": "IN_TRIAGE",
+                "isSuppressed": false,
+                "detail": "Reviewed and confirmed vulnerable. Upgrade scheduled for next sprint."
+            },
+            "matrix": "d38ebf15-96cd-4a01-9bca-7b49b5b0e7c4:c8a65fcd-dbf4-41eb-b1ec-55e67c91b22b:f8469ce4-019a-4482-8510-624dcf65f005"
+        }
+    ],
+    "project": {
+        "name": "test-app",
+        "uuid": "d38ebf15-96cd-4a01-9bca-7b49b5b0e7c4",
+        "version": "1.0.0"
+    },
+    "version": "1.3"
+}

unittests/tools/test_dependency_track_parser.py

@@ -168,3 +168,10 @@ def test_dependency_track_parser_findings_with_epss_score(self):
         self.assertEqual(0.07756, findings[0].epss_percentile)
         self.assertEqual(4.2, findings[0].cvssv3_score)
         self.assertIn("CVE-2023-45803", findings[0].unsaved_vulnerability_ids)
+
+    def test_dependency_track_parser_finding_with_analysis_detail(self):
+        with (get_unit_tests_scans_path("dependency_track") / "one_finding_with_analysis_detail.json").open(encoding="utf-8") as testfile:
+            parser = DependencyTrackParser()
+            findings = parser.get_findings(testfile, Test())
+        self.assertEqual(1, len(findings))
+        self.assertIn("Audit Detail: Reviewed and confirmed vulnerable. Upgrade scheduled for next sprint.", findings[0].description)