dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Results 665 dependency-track issues

### Organization Name UIDAI ### Organization Website _No response_ ### Organization Logo (optional) _No response_ ### How is your organization using Dependency Track? We have deployed Dependency-Track using Docker and...

### Current Behavior You can PUT this policy json: ``` { "name": "TestPolicy" } ``` ### Steps to Reproduce If you POST a json of existing policy like: ``` {...

defect
in triage

### Description This commit introduces functionality to suppress or unsuppress a vulnerability in all projects where the affected component appears. It streamlines bulk vulnerability management across projects, reducing the need...

### Current Behavior When Dependency-Track came into existence around 2013, the only public and widely accepted vulnerability database was the NVD. Since its inception, DT has supported mirroring of the...

enhancement
help wanted
p2
size/XL

### Current Behavior Alert notifications in Dependency-Track can currently be limited by: - A specific project-version combination - Specific tags However, there is no support for parentName in the alert...

enhancement

Would it be possible to add the logic and webhooks for DependencyTrack to call the DefectDojo API and create a Product with a CI/CD engagement, then update the DependencyTrack Project...

enhancement
help wanted
integration/defectdojo

### Description Make PUT `api/oidc/mapping` idempotent as it should be ### Addressed Issue #4950 ### Additional Details ### Checklist - [x] I have read and understand the [contributing guidelines](../CONTRIBUTING.md#pull-requests) -...

### Current Behavior Upload an sbom file to perform an analysis with trivy. ### Proposed Behavior Trivy provides useful information during its analysis such as "Status" and "Fixed Version". Can...

enhancement

### Description This PR adds support for configuring which CVE severities should trigger alert notifications. #### Previously: All NEW_VULNERABILITY_IDENTIFIED events triggered notifications, regardless of severity (e.g., low, medium, high). ####...

### Current Behavior PURLs in SBOMs often contain the information about which distribution they belong to, e.g. pkg:deb/debian/expat@2.5.0-1+deb12u1?arch=amd64&distro=debian-12 means expat in version 2.5.0-1+deb12u1 from distribution debian-12 (which is bookworm). For...

defect
p2
size/M