Currently Dependency Track removes the 'properties' fields from the 'component' items of the uploaded SBOM file. Could this be changed?
Current Behavior
In our case we have included the file paths of various components in the 'properties' field of each component in the SBOM file.
After uploading the SBOM file to DT and downloading the file back, the 'properties' fields have been removed from it.
Proposed Behavior
Do not remove 'properties' fields from uploaded SBOM files. Having the option to view the contents of 'properties' fields in Dependency Track's User Interface next to the found vulnerabilities would make it a lot easier to locate the vulnerable dependencies in our repositories.
Checklist
- [X] I have read and understand the contributing guidelines
- [X] I have checked the existing issues for whether this enhancement was already requested
What version of DT are you using? Support for component properties was added in v4.11.
I am seeing this behavior when locally running the following version:
{
  "system_id": "***",
  "dt_version": "4.13.5",
  "db_type": "PostgreSQL",
  "db_version": "16.10"
}
I've attached the metadata section of the SBOM I uploaded.
Though I suspect that metadata properties may require different properties than component properties. I'm expecting these to show up in the project properties in the webview.
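
A round-trip check for the behaviour reported in this thread, as an added example that is not from any participant or from the Dependency-Track project: it compares the `properties` arrays of a CycloneDX JSON BOM as uploaded and as downloaded again, for both `metadata` and every component. The sample BOMs, the `example:` property names and the purl-based matching are assumptions made for illustration.

```python
# Constructed sample: the BOM as uploaded, with file paths stored in properties.
ORIGINAL = {
    "metadata": {"properties": [{"name": "example:build-id", "value": "1234"}]},
    "components": [
        {"name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20",
         "properties": [{"name": "example:file-path", "value": "web/package-lock.json"}]},
        {"name": "left-pad", "version": "1.3.0", "purl": "pkg:npm/left-pad@1.3.0",
         "properties": [{"name": "example:file-path", "value": "api/package-lock.json"}]},
    ],
}
# Constructed sample: the same BOM as downloaded again, with some properties gone.
EXPORTED = {
    "metadata": {},
    "components": [
        {"name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
        {"name": "left-pad", "version": "1.3.0", "purl": "pkg:npm/left-pad@1.3.0",
         "properties": [{"name": "example:file-path", "value": "api/package-lock.json"}]},
    ],
}

def walk(components):
    """Yield every component, including nested ones."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))

def identity(comp):
    # Assumption: bom-ref may be rewritten on export, so match on purl or name@version.
    return comp.get("purl") or f"{comp.get('name')}@{comp.get('version')}"

def props(obj):
    """Set of (name, value) pairs from an object's CycloneDX 'properties' array."""
    return {(str(p.get("name", "")), str(p.get("value", "")))
            for p in (obj or {}).get("properties") or []}

def lost_properties(original, exported):
    """Map 'metadata' or a component identity to the properties missing after export."""
    kept = {}
    for comp in walk(exported.get("components")):
        kept.setdefault(identity(comp), set()).update(props(comp))
    lost = {}
    missing = props(original.get("metadata")) - props(exported.get("metadata"))
    if missing:
        lost["metadata"] = sorted(missing)
    for comp in walk(original.get("components")):
        missing = props(comp) - kept.get(identity(comp), set())
        if missing:
            lost.setdefault(identity(comp), []).extend(sorted(missing))
    return lost
```

For real files, load both BOMs with `json.load` and pass the resulting dicts to `lost_properties`; an empty result means every property survived the round trip.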