Description
When importing scans from the Trivy scanner and the GitLab API Fuzzing Report parser, previously mitigated findings are incorrectly reactivated (reopened), even though those findings are not present in the uploaded scan.
Expected behavior
Findings that do not appear in the current scan should remain (or be set to) mitigated, since deduplication/reimport should only reactivate findings that are actually present in the report.
Actual behavior
Findings that are absent from the scan get reactivated and reopened.
After a few days they close/mitigate themselves again on their own.
I verified the raw scan files directly and confirmed the affected findings are not contained in them, so they should be marked as mitigated rather than reopened.
Affected scanners
Trivy
GitLab API Fuzzing Report
Impact
False re-opening of already-mitigated findings creates noise and inaccurate finding status in the dashboard.
I have observed this in the OSS and the Pro Version we are running. After a few days it gets back to normal, but the teams are running down my door, asking what the issue here is. Are there any known issues regarding this scanners?

Description
When importing scans from the Trivy scanner and the GitLab API Fuzzing Report parser, previously mitigated findings are incorrectly reactivated (reopened), even though those findings are not present in the uploaded scan.
Expected behavior
Findings that do not appear in the current scan should remain (or be set to) mitigated, since deduplication/reimport should only reactivate findings that are actually present in the report.
Actual behavior
Findings that are absent from the scan get reactivated and reopened.
After a few days they close/mitigate themselves again on their own.
I verified the raw scan files directly and confirmed the affected findings are not contained in them, so they should be marked as mitigated rather than reopened.
Affected scanners
Trivy
GitLab API Fuzzing Report
Impact
False re-opening of already-mitigated findings creates noise and inaccurate finding status in the dashboard.
I have observed this in the OSS and the Pro Version we are running. After a few days it gets back to normal, but the teams are running down my door, asking what the issue here is. Are there any known issues regarding this scanners?