Project level recommendation to "Safer & Closest Version" or "Safest Version" to fix an existing vulnerable component version
Current Behavior:
Specific to SCA, Dependency-Track already supports outdated version detection. However, at the project level, when one visits the "Audit Vulnerabilities" tab, insights on the components that are vulnerable in their current version (severity, GHSA / NVD details, etc.) are available, but this diagnosis has limited value without any recommendation on how to retrofit the component, something that is commonly available in most SCA tools and platforms.
Proposed Behavior:
It would be nice to have Dependency-Track recommend or provide insights into the "Safer & Closest Version" or "Safest Version" for the vulnerable component version in use. This would give users an actionable outcome as part of remediating the vulnerability, rather than having to consult other SCA tools and external sources to find out which version to upgrade / downgrade to in order to fix the vulnerable library.
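To make the proposal concrete, the following is an added example (not Dependency-Track code, nor the issue author's) of how the two recommendations could be derived from the version list and the advisory ranges: the "closest" pick is the lowest non-affected stable version above the one in use, preferring the current major line so the upgrade is less likely to break the application, and the "safest" pick is the highest non-affected stable version. The library name, the available versions, the advisory ranges and the helper names (`VulnRange`, `recommend`, `is_affected`) are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class VulnRange:
    """One affected range from an advisory: introduced <= v < fixed."""
    introduced: Version
    fixed: Optional[Version]  # None: no fixed version published yet


def parse_version(text: str) -> Optional[Version]:
    """Parse 'MAJOR.MINOR.PATCH'; pre-releases such as '3.2.0-rc1' yield None."""
    parts = text.split(".")
    return tuple(int(p) for p in parts) if all(p.isdigit() for p in parts) else None


def is_affected(version: Version, ranges) -> bool:
    """True if any advisory range covers this version."""
    return any(version >= r.introduced and (r.fixed is None or version < r.fixed)
               for r in ranges)


def recommend(current: str, available, ranges):
    """Return (closest_safe, safest) as strings, or (None, None) if none exists.
    closest_safe: lowest stable version above `current` that no advisory covers,
    preferring the current major line so the upgrade stays API-compatible.
    safest: highest stable version that no advisory covers.
    """
    cur = parse_version(current)
    if cur is None:
        return None, None
    candidates = [v for v in map(parse_version, available) if v is not None]
    safe = sorted(v for v in candidates if v > cur and not is_affected(v, ranges))
    if not safe:
        return None, None
    same_major = [v for v in safe if v[0] == cur[0]]
    closest = same_major[0] if same_major else safe[0]
    return ".".join(map(str, closest)), ".".join(map(str, safe[-1]))


# Constructed sample data (not from any real advisory): two overlapping ranges
# against an imaginary library, shaped like GHSA/NVD "introduced/fixed" entries.
AVAILABLE = ["2.14.0", "2.14.1", "2.15.0", "2.16.0", "2.17.1", "3.0.0", "3.1.0", "3.2.0-rc1"]
RANGES = [VulnRange((2, 0, 0), (2, 15, 0)), VulnRange((2, 0, 0), (2, 17, 1))]

if __name__ == "__main__":
    print(recommend("2.14.1", AVAILABLE, RANGES))  # ('2.17.1', '3.1.0')
```

Running it with the sample data yields `2.17.1` as the closest safe upgrade (same major line, first version outside both ranges) and `3.1.0` as the safest stable version, with the `3.2.0-rc1` pre-release ignored.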
#2501 will provide the highest stable version. This version should be periodically checked to see if it's safe
+1 to this. It's currently challenging to find out which version to update to in cases where the latest version is a different major version and another minor version is enough to fix an issue without major impact on the application's code.
@walterdeboer apparently the "Latest version" column isn't displayed by default. Is there any way to make it visible by default?