dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
### Current Behavior Team-column is missing on Projects-page. There is Project Name, Version etc. but Team is missing. ### Proposed Behavior It would be possible to sort the Projects by...
add AttributedOnPolicyEvaluator for vulnerability age-based policy evaluation Implements production-ready evaluator with caching, error handling, and comprehensive logging. Supports ISO-8601 period formats with injectable dependencies for testing. ### Description ### Addressed...
### Current Behavior Currently when we use coordinates condition inside policies, it's needed to fill all fields (group, name, version) otherwise match doesn't work. ### Proposed Behavior Evaluate condition only...
### Current Behavior See: https://github.com/DependencyTrack/dependency-track/discussions/4992 It seems the policy violations are only updated if I upload a new SBOM after suppressing the findings ### Steps to Reproduce 1. Define a policy...
### Steps to Reproduce Upload a VEX like this (notice the extra comma after analysis): ``` { "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "vulnerabilities": [ { "id": "CVE-2017-18349", "source": {...
### Current Behavior Request: Our organization relies on Dependency-Track for automated notifications via email. Currently, Dependency-Track only supports basic SMTP authentication (username and password). Due to Microsoft’s announcement to deprecate...
### Current Behavior Hello. This is a bug to a Slack discussion that we had in Slack (on Feb 25). So we want to optimize dependency-track workflows and one of...
### Current Behavior BOM Download fails to generate the file. No file is downloaded and no error is displayed. HTTP API URL requested: https://dependency-track.local/api/v1/bom/cyclonedx/project/00000000-0000-0000-0000-000000000000?format=json&variant=inventory&download=true HTTP API response: ```json { "status":...
### Current Behavior Hello all, I am using 4.12 version of Dep track. I see that some CVEs are always unassigned. All the schedulers are running without any...
### Current Behavior It seems that if I upload a BOM json document with first line being empty the contents are ignored. ### Steps to Reproduce 1. Create a new...