
OSV fix : removed alias check

Open sahibamittal opened this issue 2 years ago • 1 comments

Signed-off-by: Sahiba Mittal [email protected]

Current behaviour: The OSV download task checks if there is any existing vulnerability with the same ID as one of the aliases of the incoming new vulnerability (with a new vulnerability ID), and if the alias exists we don't add this incoming vuln in DT but only add the new affected packages to the existing vulnerability.

Proposed change: Even if the alias exists in DT, we add this new incoming vuln (with new ID), as aliases will be handled separately now. (https://github.com/DependencyTrack/dependency-track/pull/1912)

sahibamittal, Sep 08 '22 10:09
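The two behaviours described in the post above, as an added example that is not part of the original thread and is not Dependency-Track's code. It is a toy in-memory model: `Store`, `ingest_old`, `ingest_new`, the vulnerability IDs and the package URLs are all constructed for illustration.

```python
# Added illustration: a toy in-memory model, not Dependency-Track's code.
# Store, ingest_old, ingest_new and every ID/package below are constructed.
from dataclasses import dataclass, field


@dataclass
class Store:
    vulns: dict = field(default_factory=dict)   # vuln ID -> set of affected packages
    aliases: set = field(default_factory=set)   # unordered ID pairs, tracked separately


def ingest_old(store, record):
    """Current behaviour: fold the record into an existing vuln matching one of its aliases."""
    for alias in record["aliases"]:
        if alias in store.vulns:
            store.vulns[alias] |= set(record["affected"])
            return alias                        # the incoming ID is never stored
    store.vulns[record["id"]] = set(record["affected"])
    return record["id"]


def ingest_new(store, record):
    """Proposed behaviour: always store the record under its own ID; keep aliases apart."""
    store.vulns.setdefault(record["id"], set()).update(record["affected"])
    for alias in record["aliases"]:
        store.aliases.add(frozenset((record["id"], alias)))
    return record["id"]


def demo():
    """Run the same incoming record through both behaviours and return both stores."""
    # Constructed sample: one vuln already present, then an OSV record that aliases it.
    existing = {"CVE-0000-0001": {"pkg:maven/example/lib"}}
    incoming = {"id": "GHSA-xxxx-xxxx-xxxx", "aliases": ["CVE-0000-0001"],
                "affected": ["pkg:npm/example-lib"]}
    old = Store({k: set(v) for k, v in existing.items()})
    new = Store({k: set(v) for k, v in existing.items()})
    ingest_old(old, incoming)
    ingest_new(new, incoming)
    return old, new


if __name__ == "__main__":
    old, new = demo()
    print("old:", sorted(old.vulns))            # incoming ID absent from the store
    print("new:", sorted(new.vulns), [sorted(p) for p in new.aliases])
```

In this model, the old path leaves the incoming ID unsearchable and attributes its packages to the existing record, while the new path keeps each record under its own ID with the alias link stored alongside.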

@nscuro @VinodAnandan

sahibamittal, Sep 08 '22 10:09

:warning: 14 God Classes were detected by Lift in this project. Visit the Lift web console for more details.

sonatype-lift[bot], Oct 04 '22 17:10