DependencyTrack
Conflicting success message with backend SBOM failure
Current Behavior:
When uploading a CycloneDX formatted SBOM with services (used this example), the DependencyTrack client is signaling a successful BOM upload. However, the debug terminal is process an error and then no actual BOM data is uploaded to the project.
Steps to Reproduce:
- Use the SBOM linked above and load it to a new project
- You should see the client success message, like so:
- You should then also see a processing error like so:
Expected Behavior:
- If the BOM is actually failing on the back end, then the client side message shouldn't say the BOM was loaded successfully. The error should extend to the client side so the user knows there is an error and not to expect their data to load appropriately.
Environment:
- Dependency-Track Version: 4.4.1 (frontend 4.4.0)
- Distribution: Docker
- BOM Format & Version: JSON 1.3 (see link above)
- Database Server: PostgreSQL
- Browser: Chrome
Additional Details:
dtrack-apiserver_1 | 2022-02-28 15:38:28,728 INFO [BomUploadProcessingTask] Processing CycloneDX BOM uploaded to project: 7910308f-4591-418a-9883-465dbc02a671 dtrack-apiserver_1 | 2022-02-28 15:38:28,733 ERROR [BomUploadProcessingTask] Error while processing bom dtrack-apiserver_1 | java.lang.NullPointerException: null dtrack-apiserver_1 | at org.dependencytrack.parser.cyclonedx.util.ModelConverter.convertComponents(ModelConverter.java:75) dtrack-apiserver_1 | at org.dependencytrack.tasks.BomUploadProcessingTask.inform(BomUploadProcessingTask.java:103) dtrack-apiserver_1 | at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:99) dtrack-apiserver_1 | at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) dtrack-apiserver_1 | at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) dtrack-apiserver_1 | at java.base/java.lang.Thread.run(Unknown Source)
