dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
### Current Behavior Currently Nuget repos are added by setting the baseURL (the default one being `https://api.nuget.org/` ) and not the value of the service index (like `https://api.nuget.org/v3/index.json` ). The...
### Current Behavior Hello, We are using Dependency-Track v4.13.2. We have many projects and we would like to be alerted in a Slack channel based on the tag selection. If we...
### Current Behavior Creating a new API key in Dependency-Track fails with a unique constraint violation on the APIKEY table. This issue occurs when using the “New API Key” function...
### Description ### Addressed Issue ### Additional Details ### Checklist - [x] I have read and understand the [contributing guidelines](../CONTRIBUTING.md#pull-requests) - [ ] This PR fixes a defect, and I...
### Current Behavior DT only allows hard coded analysers and vulnerability sources. There is internal, Sonatype, VulnDB, Snyk and Trivy as examples. At the moment you cannot connect to ones...
### Current Behavior The email template displays the correct number of suppressed vulnerabilities in the _Overview_ section, but shows wrong numbers (always zero) in the _Project Summaries_ section, e.g.: ...
### Current Behavior I'm currently running a dockerized version of Dependency-Track (apiserver+frontend+postgresql) on a homelab and permanently have 1 vCPU stuck at 100% due to the Dependency-Track apiserver java runtime....
### Current Behavior In the current implementation of the Trivy analyser integration: When Trivy reports a vulnerability, we: 1. Check if the reported `vulnId` exists in Dependency-Track's database. 2. If...
### Description * A new flag in the UI under: `Administration → Analyzer → Trivy` Labeled as **"Ignore severity reported by Trivy scan"** * This flag will be enabled by...
### Current Behavior I noticed that every non 2xx http response code triggers an `ERROR` notification to be raised for metadata analysis: https://github.com/DependencyTrack/dependency-track/blob/45982a2e1a12a0b0de17f955b856b27008fee02a/src/main/java/org/dependencytrack/tasks/repositories/AbstractMetaAnalyzer.java#L78-L89 ### Proposed Behavior I propose to make...