dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Results 665 dependency-track issues

### Current Behavior We would like to group the list of vulnerabilities at the package level. At the moment, in DT we see in the DT vulnerabilities section, for example,...

enhancement

I searched open and closed issues and didn't find anything matching. I use a release of one project as a dependency in another project. ### Current Behavior: So, project a is...

enhancement
help wanted
p2

### Current Behavior I have a Trivy scanner running in server mode. I verified that it is correctly set up: `wget http://trivy.xyz/version` `trivy image --server http://trivy.xyz --token dummy -d alpine:3.10`...

defect
in triage

### Issue Type: Defect ### Current Behavior: When a project is created in Dependency-Track v3.3.1 and a CycloneDX BOM is uploaded, then the project will be populated with components and...

enhancement
p2

### Description Adds support for configuring how internal component regex filters are applied. - Introduced a new config property: `internal-components.match-mode` (`OR` by default, accepts `AND`) - When set to `AND`,...

### Current Behavior The endpoint does not return the various membership properties, but the membership properties are returned for `GET /v1/team/` (list all teams) ### Steps to Reproduce Create team,...

api docs
api-inconsistency

### Expected Behavior As clarified by [RFC 9110](https://www.rfc-editor.org/rfc/rfc9110.html#name-delete) using method body in DELETE requests is not interoperable. > Although request message framing is independent of the method used, content received...

api docs
api-inconsistency

### Current Behavior I upload an SBOM with vul, but send webhook error

defect
pending more information

### Current Behavior Currently all BOMs are always exported with Spec-Version 1.5. See [CycloneDXExporter](https://github.com/DependencyTrack/dependency-track/blob/master/src/main/java/org/dependencytrack/parser/cyclonedx/CycloneDXExporter.java#L97) ### Proposed Behavior The output version should be controllable via an optional parameter passed to the...

enhancement

Bumps org.metaeffekt.core:ae-security from 0.138.0 to 0.139.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.metaeffekt.core:ae-security&package-manager=maven&previous-version=0.138.0&new-version=0.139.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependencies
java