dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Once Package URL is implemented by Snyk, enhance Dependency-Track to be able to support the analysis of SBoMs using Snyk as a source of vulnerability intelligence. Snyk API access requires...
### Current Behavior: We currently use [Jekyll](https://jekyllrb.com/) to build our documentation. Jekyll is a generic static site generator and was never really intended for technical documentation, but for websites and...
### Current Behavior: Currently most scheduled tasks are performed at a fixed interval that is hard-coded. For example, vulnerability analysis is performed every 24 hours after an initial delay of...
Components are often released under multiple licenses. SPDX license expressions provide this, and other capabilities. https://github.com/CycloneDX/specification/issues/1
Many of the FOSS SW components we are using for your internal services are placed on GitHub and SourceForge repositories. In accordance with Standards we have to look for ALL known...
We are subscribed to GHSA and getting many mirroring updates of the GHSA in the log: 2022-07-27 23:41:04,684 INFO [GitHubAdvisoryMirrorTask] Starting GitHub Advisory mirroring task 2022-07-27 23:41:07,456 INFO [GitHubAdvisoryMirrorTask] Updating datasource...
Hi, I'm facing an issue with the version matching of component and vulnerabilities when CPE and Logical value NA ('-') are involved. ### Current Behavior: A project with a httpd...
Cannot find the equivalent after searching. We have to create reports on packages showing that the ones that have a problem due to the latest version making the current one...
We work with OSS sources placed in GitHub. So we need to check the Package for actuality and for security issues. Is it planned to integrate GitHub as Repository to...
### Current Behavior: The "Projects" tab for a component displays two columns for the projects that have the component as a dependency: * Name * Version Each column displays an...