regscale-cli 6.16.3.0__py3-none-any.whl → 6.16.4.0__py3-none-any.whl

regscale/__init__.py

@@ -1 +1 @@
-__version__ = "6.16.3.0"
+__version__ = "6.16.4.0"

regscale/core/app/internal/control_editor.py

@@ -20,6 +20,7 @@ if TYPE_CHECKING:
 from openpyxl import Workbook, load_workbook
 from openpyxl.styles import Alignment, PatternFill, Protection
 from openpyxl.worksheet.datavalidation import DataValidation
+import warnings
 
 
 from regscale.core.app.logz import create_logger
@@ -48,6 +49,12 @@ def control_editor():
     """
     Performs actions on Control Editor Feature to edit controls to RegScale.
     """
+    warnings.filterwarnings("always", category=DeprecationWarning)
+    warnings.warn(
+        "Control Editor is deprecated and will be removed in a future release. Use `regscale model` with the `--model control` argument instead.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
 
 
 # Get data and pull into Excel worksheets.
@@ -68,7 +75,13 @@ def generate_data_download(regscale_id: int, regscale_module: str, path: Path):
     This function will build and populate a spreadsheet of all control implementations
     with the selected RegScale Parent Id and RegScale Module.
     """
-    data_load(parent_id=regscale_id, parent_module=regscale_module, path=path)
+    warnings.filterwarnings("always", category=DeprecationWarning)
+    warnings.warn(
+        "Control Editor is deprecated and will be removed in a future release. Use `regscale model generate --model control` instead.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
+    data_load(regscale_id, regscale_module, path)
 
 
 def data_load(parent_id: int, parent_module: str, path: Path) -> None:
@@ -359,8 +372,13 @@ def _fetch_implementations(api: "Api", parent_id: int, parent_module: str) -> "p
 def generate_db_update(path: Path, skip_prompt: bool):
     """
     This function will check changes made to spreadsheet and upload any changes made to RegScale.
-
     """
+    warnings.filterwarnings("always", category=DeprecationWarning)
+    warnings.warn(
+        "Control Editor is deprecated and will be removed in a future release. Use `regscale model load --model control` instead.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
     db_update(path, skip_prompt)
 
 
@@ -514,6 +532,12 @@ def build_implementation(i: dict, regscale_parent_id: int, regscale_parent_modul
 )
 def generate_delete_file(path: Path):
     """This command will delete files used during the Control editing process."""
+    warnings.filterwarnings("always", category=DeprecationWarning)
+    warnings.warn(
+        "Control Editor is deprecated and will be removed in a future release. Use `regscale model` with the `--model control` argument instead.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
     delete_file(path)
 
 

regscale/core/app/internal/model_editor.py

@@ -328,7 +328,6 @@ def upload_data(path: Path, obj_type: str) -> None:
     :return: None
     :rtype: None
     """
-    import numpy as np  # Optimize import performance
     import pandas as pd
 
     app = Application()
@@ -356,30 +355,25 @@ def upload_data(path: Path, obj_type: str) -> None:
         if df1.equals(df2):
             error_and_exit("No differences detected.")
 
-        else:
-            app.logger.warning("Differences found!")
-            # Need to strip out any net new rows before doing this comparison
-            df2 = strip_any_net_new_rows(app, df2, all_workbook_filename, obj_type, path, new_workbook_filename)
-            diff_mask = (df1 != df2) & ~(df1.isnull() & df2.isnull())
-            ne_stacked = diff_mask.stack()
-            changed = ne_stacked[ne_stacked]
-            changed.index.names = ["Id", "Column"]
-            difference_locations = np.nonzero(diff_mask)
-            changed_from = df1.values[difference_locations]
-            changed_to = df2.values[difference_locations]
-            changes = pd.DataFrame({"From": changed_from, "To": changed_to}, index=changed.index)
-            changes.to_csv(
-                os.path.join(path, DIFFERENCES_FILE),
-                header=True,
-                index=True,
-                sep=" ",
-                mode="w+",
-            )
-            app.logger.info(
-                "Please check differences.txt file located in %s to see changes made.",
-                path,
-            )
-            upload_existing_data(app, api, path, obj_type, all_workbook_filename)
+        app.logger.warning("Differences found!")
+        # Need to strip out any net new rows before doing this comparison
+        df3 = strip_any_net_new_rows(app, df2, all_workbook_filename, obj_type, path, new_workbook_filename)
+        try:
+            changes = compare_dataframes(df1, df3)
+        except ValueError:
+            changes = compare_dataframes(df1, df2)
+        changes.to_csv(
+            os.path.join(path, DIFFERENCES_FILE),
+            header=True,
+            index=True,
+            sep=" ",
+            mode="w+",
+        )
+        app.logger.info(
+            "Please check differences.txt file located in %s to see changes made.",
+            path,
+        )
+        upload_existing_data(app, api, path, obj_type, all_workbook_filename)
     else:
         app.logger.info("No files found for the specified type to load to RegScale.")
     return app.logger.info(
@@ -388,7 +382,26 @@ def upload_data(path: Path, obj_type: str) -> None:
     )
 
 
-# pylint: enable=R0914
+def compare_dataframes(df1: "pd.DataFrame", df2: "pd.DataFrame") -> "pd.DataFrame":
+    """
+    Compare two DataFrames and return a DataFrame with the differences.
+
+    :param pd.DataFrame df1: The first DataFrame to compare
+    :param pd.DataFrame df2: The second DataFrame to compare
+    :return: A DataFrame with the differences between the two DataFrames
+    :rtype: pd.DataFrame
+    """
+    import numpy as np
+    import pandas as pd
+
+    diff_mask = (df1 != df2) & ~(df1.isnull() & df2.isnull())
+    ne_stacked = diff_mask.stack()
+    changed = ne_stacked[ne_stacked]
+    changed.index.names = ["Id", "Column"]
+    difference_locations = np.nonzero(diff_mask)
+    changed_from = df1.values[difference_locations]
+    changed_to = df2.values[difference_locations]
+    return pd.DataFrame({"From": changed_from, "To": changed_to}, index=changed.index)
 
 
 @model.command(name="delete_files")

regscale/integrations/commercial/grype/scanner.py

@@ -17,7 +17,7 @@ from pathlib import Path
 
 from regscale.core.app.utils.parser_utils import safe_datetime_str
 from regscale.integrations.jsonl_scanner_integration import JSONLScannerIntegration
-from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding, issue_due_date
 from regscale.models import IssueSeverity, AssetStatus, IssueStatus
 
 logger = logging.getLogger("regscale")
@@ -143,53 +143,61 @@ class GrypeIntegration(JSONLScannerIntegration):
         finding_info = self._extract_finding_info(item, data)
         artifact_info = self._extract_artifact_info(item)
         severity_info = self._determine_severity(finding_info)
-        cvss_fields = self._get_cvss_fields(finding_info["cvss"])
-        scan_date = safe_datetime_str(finding_info["descriptor"].get("timestamp", ""))
+        cvss_fields = self._get_cvss_fields(finding_info.get("cvss"))
+        file_scan_date = safe_datetime_str(finding_info.get("descriptor", {}).get("timestamp", ""))
+        if not self.scan_date:
+            self.scan_date = file_scan_date
         evidence = self._build_evidence(artifact_info)
         observations = self._build_observations(finding_info)
-        remediation_info = self._build_remediation_info(finding_info["fix"])
+        remediation_info = self._build_remediation_info(finding_info.get("fix"))
+
+        severity = severity_info["severity"]
 
         return IntegrationFinding(
             title=(
-                f"{severity_info['cve_id']}: {artifact_info['name']}"
-                if severity_info["cve_id"]
-                else artifact_info["name"]
+                f"{severity_info.get('cve_id')}: {artifact_info.get('name', 'unknown')}"
+                if severity_info.get("cve_id")
+                else artifact_info.get("name", "unknown")
             ),
             description=severity_info["description"],
-            severity=severity_info["severity"],
+            severity=severity,
             status=IssueStatus.Open,
             cvss_v3_score=cvss_fields.get("V3Score"),
             cvss_v3_vector=cvss_fields.get("V3Vector") or "",
             cvss_v2_score=cvss_fields.get("V2Score"),
             cvss_v2_vector=cvss_fields.get("V2Vector") or "",
-            plugin_name=artifact_info["name"],
+            plugin_name=artifact_info.get("name"),
             plugin_id=self.title,
             asset_identifier=asset_identifier,
             category="Vulnerability",
-            cve=severity_info["cve_id"],
+            cve=severity_info.get("cve_id"),
             control_labels=["CM-7", "SI-2"],
             evidence=evidence,
             observations=observations,
-            identified_risk=f"Vulnerable {artifact_info['type'] or 'package'} detected: {artifact_info['name'] or 'unknown'} {artifact_info['version'] or 'unknown'}",
+            identified_risk=f"Vulnerable {artifact_info.get('type', 'package')} detected: {artifact_info.get('name', 'unknown')} {artifact_info.get('version', 'unknown')}",
             recommendation_for_mitigation=remediation_info["remediation"],
-            scan_date=scan_date,
-            first_seen=scan_date,
-            last_seen=scan_date,
-            vulnerability_type=finding_info["type"],
-            rule_id=finding_info["id"],
-            source_rule_id=finding_info["id"],
-            remediation=remediation_info["remediation"],
-            vulnerable_asset=f"{artifact_info['name'] or 'unknown'}:{artifact_info['version'] or 'unknown'}",
-            security_check=finding_info["matcher"],
-            external_id=finding_info["data_source"],
-            installed_versions=artifact_info["version"],
-            affected_os=finding_info["affected_os"],
-            affected_packages=artifact_info["name"],
-            image_digest=finding_info["manifest_digest"],
-            package_path=artifact_info["purl"],
-            build_version=finding_info["build_version"],
-            fixed_versions=remediation_info["fixed_versions"],
-            fix_status=remediation_info["fix_status"],
+            scan_date=self.scan_date,
+            first_seen=file_scan_date,
+            last_seen=self.scan_date,
+            date_created=self.scan_date,
+            vulnerability_type=finding_info.get("type"),
+            rule_id=finding_info.get("id"),
+            source_rule_id=finding_info.get("id"),
+            remediation=remediation_info.get("remediation"),
+            vulnerable_asset=f"{artifact_info.get('name', 'unknown')}:{artifact_info.get('version', 'unknown')}",
+            security_check=finding_info.get("matcher"),
+            external_id=finding_info.get("data_source"),
+            installed_versions=artifact_info.get("version"),
+            affected_os=finding_info.get("affected_os"),
+            affected_packages=artifact_info.get("name"),
+            image_digest=finding_info.get("manifest_digest"),
+            package_path=artifact_info.get("purl"),
+            build_version=finding_info.get("build_version"),
+            fixed_versions=remediation_info.get("fixed_versions"),
+            fix_status=remediation_info.get("fix_status"),
+            due_date=issue_due_date(
+                severity=severity, created_date=file_scan_date, title="grype", config=self.app.config
+            ),
         )
 
     def _extract_finding_info(self, item: Dict[str, Any], data: Dict[str, Any]) -> Dict[str, Any]:

regscale/integrations/commercial/opentext/commands.py

@@ -61,6 +61,8 @@ def import_scans(
     Import and process a folder of Fortify WebInspect XML file(s).
     """
     # Use the new WebInspectIntegration class to sync assets and findings
+    if s3_bucket and not folder_path:
+        folder_path = s3_bucket
     wi = WebInspectIntegration(
         plan_id=regscale_ssp_id,
         file_path=str(folder_path) if folder_path else None,

regscale/integrations/commercial/opentext/scanner.py

@@ -14,9 +14,10 @@ from typing import Any, Dict, List, Optional, Union, Tuple, cast, Iterator, Set
 
 from pathlib import Path
 
+from regscale.core.app.utils.app_utils import check_license
 from regscale.core.app.utils.file_utils import find_files, read_file
 from regscale.integrations.jsonl_scanner_integration import JSONLScannerIntegration
-from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding, issue_due_date
 from regscale.models import IssueSeverity, AssetStatus, IssueStatus, ImportValidater
 
 logger = logging.getLogger("regscale")
@@ -37,15 +38,19 @@ class WebInspectIntegration(JSONLScannerIntegration):
     # Constants for file paths
     ASSETS_FILE = "./artifacts/webinspect_assets.jsonl"
     FINDINGS_FILE = "./artifacts/webinspect_findings.jsonl"
+    file_date: Optional[str] = None
 
     def __init__(self, *args, **kwargs):
         """Initialize the WebInspectIntegration."""
+        self.app = check_license()
         # Override file_pattern for XML files
         kwargs["file_pattern"] = "*.xml"
         kwargs["read_files_only"] = True
         self.disable_mapping = kwargs["disable_mapping"] = True
-        # kwargs["re"]
+        self.set_scan_date(kwargs.get("scan_date"))
+        # logger.debug(f"scan_date: {self.scan_date}"
         super().__init__(*args, **kwargs)
+        logger.debug(f"WebInspectIntegration initialized with scan date: {self.scan_date}")
 
     def is_valid_file(self, data: Any, file_path: Union[Path, str]) -> Tuple[bool, Optional[Dict[str, Any]]]:
         """
@@ -232,6 +237,22 @@ class WebInspectIntegration(JSONLScannerIntegration):
             asset = self._prepare_asset(file, data)
             self._write_asset_if_new(asset, assets_file, asset_tracker)
 
+            # Extract the date from the file name
+            file_name = os.path.basename(str(file))
+            # Extract the string after " - " and before ".xml" in the file name
+            parsed_string = file_name.split(" - ")[1].rsplit(".xml", 1)[0] if " - " in file_name else ""
+            # Convert parsed_string to a date in "%Y-%m-%d %H:%M:%S" format
+            try:
+                if len(parsed_string) == 6:  # Ensure the string is in "MMDDYY" format
+                    month = int(parsed_string[:2])
+                    day = int(parsed_string[2:4])
+                    year = int(parsed_string[4:])
+                    self.file_date = f"{year + 2000:04d}-{month:02d}-{day:02d}"
+                else:
+                    self.file_date = None
+            except ValueError:
+                self.file_date = None
+
             findings_data = self._get_findings_data_from_file(data)
             logger.info(f"Found {len(findings_data)} findings in file: {file}")
             findings_added = self._write_findings(findings_data, asset.identifier, findings_file, finding_tracker)
@@ -300,7 +321,7 @@ class WebInspectIntegration(JSONLScannerIntegration):
         """
         findings_added = 0
         for finding_item in findings_data:
-            finding = self.parse_finding(asset_id, {}, finding_item)  # Pass empty dict for data if unused
+            finding = self.parse_finding(asset_id, findings_data, finding_item)  # Pass empty dict for data if unused
             finding_dict = dataclasses.asdict(finding)
             if not self.disable_mapping and self.mapping:
                 mapped_finding_dict = self._apply_mapping(
@@ -384,6 +405,7 @@ class WebInspectIntegration(JSONLScannerIntegration):
 
         # Get the host from the first issue
         host = issues[0].get("Host", "Unknown Host")
+        url = issues[0].get("URL", "")
 
         # Create and return the asset
         return IntegrationAsset(
@@ -395,6 +417,7 @@ class WebInspectIntegration(JSONLScannerIntegration):
             asset_category="Hardware",
             parent_id=self.plan_id,
             parent_module="securityplans",
+            fqdn=url,
         )
 
     def _get_findings_data_from_file(self, data: Dict[str, Any]) -> List[Dict[str, Any]]:
@@ -457,51 +480,42 @@ class WebInspectIntegration(JSONLScannerIntegration):
         """
         severity_int = int(item.get("Severity", 3))
         severity_value = self.finding_severity_map.get(severity_int, IssueSeverity.High.value)
-
         try:
             severity = IssueSeverity(severity_value)
         except ValueError:
             severity = IssueSeverity.High
 
+        if self.scan_date is None:
+            self.scan_date = self.file_date
+
         title = item.get("Name", "")
-        host = item.get("Host", asset_identifier)
         plugin_id = item.get("VulnerabilityID", "")
-        external_id = str(host + plugin_id)
+        external_id = str(asset_identifier + plugin_id)
         sections = item.get("ReportSection", [])
 
         # Extract description and mitigation from report sections
         description = self._parse_report_section(sections, "Summary")
         mitigation = self._parse_report_section(sections, "Fix")
 
-        # Only create findings for certain severity levels
-        if severity in (IssueSeverity.Critical, IssueSeverity.High, IssueSeverity.Moderate, IssueSeverity.Low):
-            return IntegrationFinding(
-                external_id=external_id,
-                asset_identifier=host,
-                control_labels=[],
-                description=description,
-                status=IssueStatus.Open,
-                title=title,
-                severity=severity,
-                category=f"{self.title} Vulnerability",
-                plugin_id=plugin_id,
-                plugin_name=title,
-                rule_id=plugin_id,
-                recommendation_for_mitigation=mitigation,
-                source_report=self.title,
-            )
-        # Return a default finding for severities we skip
         return IntegrationFinding(
-            external_id=f"skip-{external_id}",
-            asset_identifier=host,
+            external_id=external_id,
+            asset_identifier=asset_identifier,
             control_labels=[],
-            description="Skipped finding due to low severity",
-            status=IssueStatus.Closed,
-            title=f"Skipped: {title}",
-            severity=IssueSeverity.NotAssigned,
-            category=f"{self.title} Skipped",
+            description=description,
+            status=IssueStatus.Open,
+            title=title,
+            severity=severity,
+            category=f"{self.title} Vulnerability",
+            scan_date=self.scan_date,
+            first_seen=self.scan_date,
+            last_seen=self.scan_date,
+            date_created=self.scan_date,
             plugin_id=plugin_id,
             plugin_name=title,
             rule_id=plugin_id,
+            recommendation_for_mitigation=mitigation,
             source_report=self.title,
+            due_date=issue_due_date(
+                severity=severity, created_date=self.scan_date, title="opentext", config=self.app.config
+            ),
         )

regscale/integrations/commercial/qualys.py

@@ -723,7 +723,7 @@ def _get_qualys_api():
 
     # set the auth for the QUALYS_API session
     QUALYS_API.auth = (config.get("qualysUserName"), config.get("qualysPassword"))
-    QUALYS_API.verify = config.get("qualysVerify", True)
+    QUALYS_API.verify = config.get("sslVerify", True)
     qualys_url = config.get("qualysUrl")
     return qualys_url, QUALYS_API
 
@@ -749,12 +749,14 @@ def import_total_cloud_data_from_qualys_api(security_plan_id: int, include_tags:
                 params["tag_set_exclude"] = exclude_tags
             if include_tags:
                 params["tag_set_include"] = include_tags
+        logger.info("Fetching Qualys Total Cloud data...")
         response = QUALYS_API.get(
             url=urljoin(qualys_url, "/api/2.0/fo/asset/host/vm/detection/"),
             headers=HEADERS,
             params=params,
         )
         if response and response.ok:
+            logger.info("Total cloud data fetched. processing...")
             response_data = xmltodict.parse(response.text)
             qt = QualysTotalCloudIntegration(plan_id=security_plan_id, xml_data=response_data)
             qt.fetch_assets()

regscale/integrations/commercial/sicura/commands.py

@@ -5,11 +5,10 @@ This module contains the Click command group for Sicura.
 import logging
 
 import click
-from rich.console import Console
+
 from regscale.models import regscale_id
 
 logger = logging.getLogger("regscale")
-console = Console()
 
 
 @click.group()
@@ -23,7 +22,7 @@ def sicura():
 
 @sicura.command(name="sync_assets")
 @regscale_id(help="RegScale will create and update assets as children of this record.")
-def sync_assets(regscale_id):
+def sync_assets(regscale_id: int):
     """
     Sync Sicura assets to RegScale.
 
@@ -36,20 +35,18 @@ def sync_assets(regscale_id):
             plan_id=regscale_id,
         )
 
-        with console.status("[bold green]Syncing assets from Sicura to RegScale..."):
-            # Using import_assets method which handles the synchronization
-            integration.sync_assets(plan_id=regscale_id)
+        # Using import_assets method which handles the synchronization
+        integration.sync_assets(plan_id=regscale_id)
 
-        console.print("[bold green]Asset synchronization complete.")
+        logger.info("[bold green]Sicura asset synchronization complete.")
 
     except Exception as e:
         logger.error(f"Error syncing assets: {e}", exc_info=True)
-        console.print(f"[bold red]Error syncing assets: {e}")
 
 
 @sicura.command(name="sync_findings")
 @regscale_id(help="RegScale will create and update findings as children of this record.")
-def sync_findings(regscale_id):
+def sync_findings(regscale_id: int):
     """
     Sync Sicura findings to RegScale.
 
@@ -62,12 +59,10 @@ def sync_findings(regscale_id):
             plan_id=regscale_id,
         )
 
-        with console.status("[bold green]Syncing findings from Sicura to RegScale..."):
-            # Using import_findings method which handles the synchronization
-            integration.sync_findings(plan_id=regscale_id)
+        # Using import_findings method which handles the synchronization
+        integration.sync_findings(plan_id=regscale_id)
 
-        console.print("[bold green]Finding synchronization complete.")
+        logger.info("[bold green]Finding synchronization complete.")
 
     except Exception as e:
         logger.error(f"Error syncing findings: {e}", exc_info=True)
-        console.print(f"[bold red]Error syncing findings: {e}")

regscale/integrations/commercial/tenablev2/click.py

@@ -4,7 +4,7 @@
 
 import queue
 from concurrent.futures import wait
-from typing import TYPE_CHECKING, Any
+from typing import TYPE_CHECKING
 
 from regscale.integrations.integration_override import IntegrationOverride
 
@@ -262,13 +262,17 @@ def get_queries() -> list:
     required=True,
 )
 @regscale_ssp_id()
+@click.option(
+    "--scan_date",
+    "-sd",
+    type=click.DateTime(formats=["%Y-%m-%d"]),
+    help="The scan date of the file.",
+    required=False,
+)
 # Add Prompt for RegScale SSP name
-def query_vuln(query_id: int, regscale_ssp_id: int):
+def query_vuln(query_id: int, regscale_ssp_id: int, scan_date: datetime = None):
     """Query Tenable vulnerabilities and sync assets to RegScale."""
-    q_vuln(
-        query_id=query_id,
-        ssp_id=regscale_ssp_id,
-    )
+    q_vuln(query_id=query_id, ssp_id=regscale_ssp_id, scan_date=scan_date)
 
 
 @io.command(name="sync_assets")
@@ -300,14 +304,20 @@ def query_assets(regscale_ssp_id: int, tags: Optional[List[Tuple[str, str]]] = N
     required=False,
     callback=validate_tags,
 )
-# Add Prompt for RegScale SSP name
-def query_vulns(regscale_ssp_id: int, tags: Optional[List[Tuple[str, str]]] = None):
+@click.option(
+    "--scan_date",
+    "-sd",
+    type=click.DateTime(formats=["%Y-%m-%d"]),
+    help="The scan date of the file.",
+    required=False,
+)
+def query_vulns(regscale_ssp_id: int, tags: Optional[List[Tuple[str, str]]] = None, scan_date: datetime = None):
     """
     Query Tenable vulnerabilities and sync assets, vulnerabilities and issues to RegScale.
     """
     from regscale.integrations.commercial.tenablev2.scanner import TenableIntegration
 
-    TenableIntegration.sync_findings(plan_id=regscale_ssp_id, tags=tags)
+    TenableIntegration.sync_findings(plan_id=regscale_ssp_id, tags=tags, scan_date=scan_date)
 
 
 def validate_regscale_security_plan(parent_id: int) -> bool:
@@ -409,18 +419,19 @@ def process_vulnerabilities(counts: collections.Counter, reg_assets: list, ssp_i
     return update_assets
 
 
-def q_vuln(query_id: int, ssp_id: int) -> list:
+def q_vuln(query_id: int, ssp_id: int, scan_date: datetime = None) -> list:
     """
     Query Tenable vulnerabilities
 
     :param int query_id: Tenable query ID
     :param int ssp_id: RegScale System Security Plan ID
+    :param datetime scan_date: Scan date, defaults to None
     :return: List of queries from Tenable
     :rtype: list
     """
     check_license()
     # At SSP level, provide a list of vulnerabilities and the counts of each
-    fetch_vulns(query_id=query_id, regscale_ssp_id=ssp_id)
+    fetch_vulns(query_id=query_id, regscale_ssp_id=ssp_id, scan_date=scan_date)
 
 
 def process_vuln(counts: collections.Counter, reg_assets: list, ssp_id: int, vuln: TenableAsset) -> list:
@@ -708,18 +719,19 @@ def fetch_assets(ssp_id: int) -> list[TenableIOAsset]:
     return assets
 
 
-def fetch_vulns(query_id: int = 0, regscale_ssp_id: int = 0):
+def fetch_vulns(query_id: int = 0, regscale_ssp_id: int = 0, scan_date: datetime = None):
     """
     Fetch vulnerabilities from Tenable by query ID
 
     :param int query_id: Tenable query ID, defaults to 0
     :param int regscale_ssp_id: RegScale System Security Plan ID, defaults to 0
+    :param datetime scan_date: Scan date, defaults to None
     """
 
     client = gen_client()
     if query_id and client._env_base == "TSC":
         vulns = client.analysis.vulns(query_id=query_id)
-        sc = SCIntegration(plan_id=regscale_ssp_id)
+        sc = SCIntegration(plan_id=regscale_ssp_id, scan_date=scan_date)
         # Create pickle file to cache data
         # make sure folder exists
         with tempfile.TemporaryDirectory() as temp_dir:

regscale/integrations/commercial/tenablev2/scanner.py

@@ -6,9 +6,9 @@ import datetime
 import json
 import linecache
 import logging
-from pathlib import Path
 from typing import Any, Dict, Iterator, List, Optional, Tuple
 
+from pathlib import Path
 from tenable.errors import TioExportsError
 
 from regscale.core.app.utils.app_utils import get_current_datetime
@@ -18,7 +18,12 @@ from regscale.integrations.commercial.tenablev2.authenticate import gen_tio
 from regscale.integrations.commercial.tenablev2.stig_parsers import parse_stig_output
 from regscale.integrations.commercial.tenablev2.utils import get_last_pull_epoch
 from regscale.integrations.commercial.tenablev2.variables import TenableVariables
-from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding, ScannerIntegration
+from regscale.integrations.scanner_integration import (
+    IntegrationAsset,
+    IntegrationFinding,
+    ScannerIntegration,
+    issue_due_date,
+)
 from regscale.integrations.variables import ScannerVariables
 from regscale.models import regscale_models
 
@@ -44,9 +49,10 @@ class TenableIntegration(ScannerIntegration):
         :param int plan_id: The ID of the security plan
         :param int tenant_id: The ID of the tenant, defaults to 1
         """
-        super().__init__(plan_id, tenant_id)
+        super().__init__(plan_id, tenant_id, **kwargs)
         self.client = None
         self.tags = tags or []
+        self.scan_date = kwargs.get("scan_date", get_current_datetime())
 
     def authenticate(self) -> None:
         """Authenticate to Tenable."""
@@ -482,6 +488,9 @@ class TenableIntegration(ScannerIntegration):
                 poam_comments=None,
                 vulnerable_asset=asset_id,
                 source_rule_id=str(plugin.get("id", "")),
+                due_date=issue_due_date(
+                    severity=severity, created_date=self.scan_date, title="tenable", config=self.app.config
+                ),
             )
             if is_stig:
                 integration_finding = parse_stig_output(output=plugin_output, finding=integration_finding)