
Empty response on /api/v1/analysis endpoint

Open kuhball opened this issue 3 years ago • 1 comments

Current Behavior:

We are trying to use the API endpoint /api/v1/analysis and receive an empty body with an HTTP 200 OK.

Steps to Reproduce:

curl --location --request GET 'https://some-dependency-track-domain.rocks/api/v1/analysis?component=COMPONENT_ID&vulnerability=VULNERABILITY_ID' \
--header 'x-api-key: XXXXXXXXXX' \
--header 'Content-Type: application/json'

Expected Behavior:

Return the requested data within the response body or some sort of error message within the log.

Environment:

  • Dependency-Track Version: v4.5.0
  • Distribution: Docker
  • BOM Format & Version: CycloneDX 1.4
  • Database Server: PostgreSQL
  • Browser: curl / Postman

Additional Details:

When providing invalid UUIDs for components or vulnerabilities, a valid error message is returned:

[
    {
        "input": "SOME_UUID",
        "message": "Component is not a valid UUID"
    }
]

Adding a project UUID does not change the behavior.

kuhball avatar Sep 07 '22 07:09 kuhball

Thanks for reporting @kuhball!

This is indeed an odd behavior that has been kept for historical reasons until now.

At the moment, whenever a component, project or vulnerability does not exist, the endpoint will return a 404. If they exist however, but no analysis exists for the provided objects, it will return a 200 with empty response body.

nscuro avatar Sep 07 '22 20:09 nscuro
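
The response cases described in this thread, handled on the client side so that an empty 200 is not mistaken for a parse failure or for an existing analysis. This is an added example, not part of the original thread and not Dependency-Track's own code; the function names, the state labels and the sample analysis body are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
import uuid


def interpret_analysis_response(status, body):
    """Classify a GET /api/v1/analysis response as (state, payload)."""
    text = (body or b"").decode("utf-8", errors="replace").strip()
    if status == 404:
        # Component, project or vulnerability does not exist.
        return ("object_not_found", None)
    if not text:
        # 200 with an empty body: the objects exist, no analysis is recorded.
        return ("no_analysis", None) if status == 200 else ("unexpected", None)
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return ("unexpected", text)
    # Validation errors arrive as a list of {"input": ..., "message": ...}.
    if isinstance(data, list) and data and all(
        isinstance(e, dict) and "message" in e for e in data
    ):
        return ("invalid_input", [e["message"] for e in data])
    if status == 200 and isinstance(data, dict):
        return ("analysis", data)
    return ("unexpected", data)


def fetch_analysis(base_url, api_key, component, vulnerability):
    """Query the endpoint; malformed UUIDs raise ValueError before any request."""
    for value in (component, vulnerability):
        uuid.UUID(value)
    query = urllib.parse.urlencode(
        {"component": component, "vulnerability": vulnerability}
    )
    req = urllib.request.Request(
        f"{base_url}/api/v1/analysis?{query}",
        headers={"X-Api-Key": api_key, "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret_analysis_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; classify those responses the same way.
        return interpret_analysis_response(err.code, err.read())
```

Automation that syncs triage decisions should treat "no_analysis" as "not yet triaged" and never as a recorded decision.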

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

github-actions[bot] avatar Dec 28 '22 10:12 github-actions[bot]