dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
When importing a BOM containing only services (such as a SaaSBOM), DT throws an NPE. Currently, DT assumes a BOM will always have components, thus resulting in an NPE.
### Current Behavior: Dependency-Track is giving 2 different severity results for the same vulnerability. The first one is on H2, the second is on PostgreSQL. I have...
The defect may already be reported! Please search for the defect before creating one. ### Current Behavior: amqp-client uses three licenses: MPL2.0 Apache 2.0 GPL2.0 https://github.com/rabbitmq/rabbitmq-java-client/blob/main/LICENSE ### Steps to...
### Current Behavior: Jenkins Dependency-Track jobs fail since server takes more than 30 minutes to analyze the...
### Current Behavior: Currently, each vulnerability is unique by its source and identifier. However, different sources have different identifiers for the same vulnerability. This leads to duplicate vulnerabilities, increased risk...
### Current Behavior: I am responsible for security questions in all of our projects, including tooling like Dependency-Track and PSIRT process. Even though projects should typically handle things on their...
### Current Behavior: If a new project is created from an uploaded BOM, the number of components is correct. But if the same file is re-uploaded (regardless via UI or...
### Current Behavior: When trying to add an LDAP (Active Directory) user with a DN more than 255 characters long, the user is added but in the interface in...
### Current Behavior: When starting a fresh instance of Dependency-Track, there are no projects in the portfolio. ### Proposed Behavior: Add Dependency-Track as default project to every new portfolio, with...
Ticket #140 describes the initial support for Portfolio ACLs (beta) and covers the majority of cases. However, there are known gaps and these gaps will be implemented in this ticket....