frontend Display NVD API Attribution Notice

Display NVD API Attribution Notice

Open sebD opened this issue 1 year ago • 1 comments

Current Behavior

This issue is a parent of dependency-track#3294

Since Dependency Track use NVD Rest API (with the APIKEY provided by the deployer) the product Dependency Track should have to respect the Terms of Use of the NVD API and display somewhere the required notice

This product uses the NVD API but is not endorsed or certified by the NVD.

OWASP Dependency Check had the same issue : DependencyCheck#6105

Steps to Reproduce

Browse the available documentation on the website: no notice google search prompt : site:https://docs.dependencytrack.org/ "This product uses the NVD API but is not"

No notice on the about dialog in v 4.10.0 the NVD appears in the DATASOURCE PROVIDERS but without the notice.

Expected Behavior

The NVD terms of use should be respected.

Dependency-Track Frontend Version

4.7.x

Browser

Google Chrome

Browser Version

No response

Operating System

Windows

Checklist

[X] I have read and understand the contributing guidelines
[X] I have checked the existing issues for whether this defect was already reported

Feb 23 '24 11:02 sebD

Hi,

I opened this issue to discuss the proper way to display the message in the About dialog as suggested by msymons

Feb 23 '24 12:02 sebD

frontend frontend copied to clipboard

Display NVD API Attribution Notice

Current Behavior

Steps to Reproduce

Expected Behavior

Dependency-Track Frontend Version

Browser

Browser Version

Operating System

Checklist

frontend
frontend copied to clipboard