dependency-track

dependency-track copied to clipboard

Team-column is missing on Projects-page

2

### Current Behavior Team-column is missing on Projects-page. There is Project Name, Version etc. but Team is missing. ### Proposed Behavior It would be possible to sort the Projects by...

vellukoo

feat: add AttributedOnPolicyEvaluator

1

add AttributedOnPolicyEvaluator for vulnerability age-based policy evaluation Implements production-ready evaluator with caching, error handling, and comprehensive logging. Supports ISO-8601 period formats with injectable dependencies for testing. ### Description ### Addressed...

arjavdongaonkar

Coordinates condition parameters

3

### Current Behavior Currently when we use coordinates condition inside policies, it's needed to fill all fields (group, name, version) otherwise match doesn't work. ### Proposed Behavior Evaluate condition only...

bilak

Policy violations only updated after BOM upload, not after VEX upload

1

### Current Behavior See: https://github.com/DependencyTrack/dependency-track/discussions/4992 It seems the policy violations are only updated if I upload a new SBOM after suppressing the findings ### Steps to Reproduce 1.Define a policy...

jakub-bochenski

VEX upload results in ISE 500 if it has invalid JSON

1

### Steps to Reproduce Upload a VEX like this (notice the extra comma after analysis): ``` { "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "vulnerabilities": [ { "id": "CVE-2017-18349", "source": {...

jakub-bochenski

Email integration should support OAuth2.0 authentication

2

### Current Behavior Request: Our organization relies on Dependency-Track for automated notifications via email. Currently, Dependency-Track only supports basic SMTP authentication (username and password). Due to Microsoft’s announcement to deprecate...

ndbg2024

### Current Behavior Hello. This is a bug to a slack discussion that we had in slack (On Feb 25). So we want to optimize dependency-track workflows and one of...

ysebyy

### Current Behavior BOM Download fails to generate the file. No file is downloaded and no error is displayed. HTTP API URL requested: https://dependency-track.local/api/v1/bom/cyclonedx/project/00000000-0000-0000-0000-000000000000?format=json&variant=inventory&download=true HTTP API response: ```json { "status":...

antoinbo

Unassigned Severity for (Critical) CVEs

5

### Current Behavior Hello all, I am using 4.12 version of Dep track. I see that some CVEs are always unassigned.   All the schedulers are running without any...

prabhushan

Uploaded SBOM or VEX silently ignored if the first line is empty

7

### Current Behavior It seems that if I upload a BOM json document with first line being empty the contents are ignored. ### Steps to Reproduce 1. Create a new...

jakub-bochenski