hyades icon indicating copy to clipboard operation
hyades copied to clipboard
verified publisher icon DependencyTrack

Document differences between Dependency-Track 4.x and Hyades / DT 5.x

Open nscuro opened this issue 2 years ago • 1 comments

While we are mostly compatible with DT 4.x, we made a few changes that users should know about when considering an upgrade.

For example:

  • How configuration is done
  • What RDBMSes are supported / or not supported
  • New notifications that were added
  • New features (e.g. workflow state tracking)
  • ...

nscuro avatar Nov 23 '23 11:11 nscuro

Breaking Change: Some Notification Values Changed

  • Generally, subject objects passed to notification templates are Protobuf objects now, as defined in https://github.com/DependencyTrack/hyades/blob/main/proto/src/main/proto/org/dependencytrack/notification/v1/notification.proto
    • Shouldn't break anything by itself, but some fields may be named differently
    • List fields now have a List suffix (i.e. vulnerabilities -> vulnerabilitiesList)
  • Level values are now prefixed with LEVEL_
    • Before: INFORMATIONAL
    • Now: LEVEL_INFORMATIONAL
  • Scope values are now prefixed with SCOPE_
    • Before: SYSTEM
    • Now: SCOPE_SYSTEM
  • Group values are now prefixed with GROUP_
    • Before: NEW_VULNERABILITY
    • Now: GROUP_NEW_VULNERABILITY
  • The timestamp value passed to notification templates is now consistently formatted with three fractional digits (https://github.com/DependencyTrack/hyades/pull/795)
    • Before: 1970-01-01T00:11:06Z, or 1970-01-01T00:11:06.000Z, or 1970-01-01T00:11:06.000000Z, or 1970-01-01T00:11:06.000000000Z
    • Now: 1970-01-01T00:11:06.000Z

nscuro avatar Feb 09 '24 10:02 nscuro