SCM URLs for `git@server:repo` (without an explicit schema like `ssh://`) do not render right

[jimklimov]

Current Behavior

In my SBOM documents I have "components[] / externalReferences[]" as lists of objects like { "type": "vcs", "url": "scm:git:git@server:group/repo.git" } where the URL-ish part git@... does not have any schema like git+ssh:// or plain ssh:// (its just is as it comes from pom.xml files).

In Dependency-Track web-ui such links are rendered verbatim, e.g. scm:git:[email protected]:lukas-krecan/JsonUnit.git/json-unit-assertj so the browser leads nowhere - and there's even no schema prefix to register a handler for, I think (musing about scm:git:// prefix for users to somehow deal with if desired, or smart rewrite into the more standard git+ssh://[email protected]:lukas-krecan/JsonUnit.git/json-unit-assertj right away?)

Also note that URL entries mis-written as just git@... without an scm:git:... prefix are rendered as relative links under the Dependency-Track server root URL (e.g. http://localhost:8080/components/git@...), I suppose these links should always be absolute even if useless.

Steps to Reproduce

1. Upload a BOM file with some non-HTTP VCS URLs for components
2. Go to Component details in Web-UI
3. On the right, open a drop-down for links; explore those marked VCS

Expected Behavior

• VCS URLs are always emitted as absolute in HTML markup (VCS link strings relative to DT server are certainly useless)
• If possible, ensure a standard schema prefix that applications/browsers could register OS handlers for, and open a suitable client application/IDE/...
• Perhaps (have a toggle to) assume that git@... links without a prefix/schema mean git+ssh:// in fact

Dependency-Track Version

4.11.7

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

Mozilla Firefox

Checklist

• [X] I have read and understand the contributing guidelines
• [X] I have checked the existing issues for whether this defect was already reported