Reimport causes of closing active and valid findings, that still present in scan results

[paraddise]

Bug description
When you import semgrep results as SARIF test type all results saved as needed and you have 34 findings.
But when you try to reimport the same results with option close_old_findings=true, DD marks almost all findings as mitigated and you have 1 active and 33 mitigated.

Steps to reproduce
Steps to reproduce the behavior:

1. Create Product
2. Create CI/CD engagement with deduplication disabled
3. Create test with type SARIF and upload semgrep.sarif
4. Reimport again semgrep.sarif
5. Now yoy have 1 active and 33 mitigated results

Expected behavior
When you reimport the same file several times it should produce the same results as in the first import.

Deployment method (select with an X)

• Kubernetes

Environment information

• DefectDojo version (see footer) or commit message: 2.41.2

Sample scan files
I can't upload .sarif file, so just remove .json from filename
semgrep.sarif.json

Additional context
I managed to reproduce this bug on demo.defectdojo.org so you can find it here
Async and sync import produce the same results.

[valentijnscholten]

@paulOsinski I think this one can be closed as duplicate of #11480 as it's a semgrep specific problem described in more detail there.