
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Results 588 dependency-track issues

### Current Behavior: When uploading an SBOM all files are replaced. This seems intuitive and logical ### Proposed Behavior: Many repos are composites these days of all sorts of languages...

enhancement

Hi everyone, my company is internally working with dependency-track, and we found it useful to have the tool create Jira tickets and post to google chat. For this, we made...

enhancement
help wanted

### Proposed Behavior: Issue to explore DependencyTrack being able to indicate whether a dependency has a [Sigstore](https://www.sigstore.dev) signature detected. To better cyber risk assess the software supply chain. See also:...

enhancement

### Current Behavior: When exporting an SBOM from the UI, I identified you could only export it in the JSON format. ### Proposed Behavior: Would be good to have an...

enhancement

Anaconda is widely used in my organisation, and I identified that DependencyTrack only natively handles PyPI. It would be awesome if there could be a native capability to fetch data...

enhancement
help wanted

### Current Behavior: I have 2 projects with some common components: one managed by maven and another one managed by gradle. The project managed by maven reports vulnerabilities and the...

in triage

Fixes #1611 Signed-off-by: nscuro Notable change in behavior compared to 3.8.0: `analyzeNotificationCriteria` was invoked in 3.8.0 when a new dependency was created: https://github.com/DependencyTrack/dependency-track/blob/f37279c862a6302a2c56a19dc13d5e9a71d65790/src/main/java/org/dependencytrack/persistence/QueryManager.java#L1259 That worked because components were global and...

Continuation of #1481. Relates to #1210. Replaces #1697 due to DCO causing trouble. --- This PR contains a refactoring of the `MetricsUpdateTask` to improve its resource efficiency. Calculating portfolio metrics...

enhancement

### Current Behavior: Dependency Track manages BOM and VEX as distinct entities with their own API as recommended [here](https://cyclonedx.org/capabilities/vex/). From an automation perspective, one has to: - Upload a...

enhancement

### Current Behavior: DT stopped reading the bom because it couldn't put the publisher field value in the DB because of its length. As a consequence, DT stopped reading the...

in triage