dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
The `/v1/vulnerability/component/{ident}` endpoint allows specifying a hash or component uuid to retrieve the vulnerabilities. Enhance this endpoint to support Package URL. Also, enhance this endpoint to support non-tracked components...
### Current Behavior: User logs in with OpenID for the first time via Azure Active Directory. The 'OpenID Connect Users' page on DT shows user has been created, but...
It would be useful for automation if projects could be tagged on BOM upload. ### Current Behavior: Currently, when uploading BOMs via `PUT /v1/bom`, we can specify the following properties:...
### Discussed in https://github.com/DependencyTrack/dependency-track/discussions/1597 Originally posted by **software-testing-professional** May 10, 2022 We use Dependency-Track for open source license clearing. A configured license whitelist contains a bunch of open source licenses,...
### Current Behavior: * SPDX support was removed for technical (and other) reasons from prior versions of DT * SPDX currently does not describe what something is, only what something...
### Current Behavior: A new Dependency Track project was created (using the Jenkins plugin). The BOM file is the same as another project. The other project shows 22 vulnerabilities...
### Current Behavior: When configuring a webhook notification publisher for the NEW_VULNERABILITY group with Notification Level WARNING, notifications are published with INFORMATIONAL level.  ### Steps to Reproduce:  ###...
Hello I am new to this tool and I tried to install it on one of my VM having enough ram and cpu for dtrack to work. Containers are working...
The enhancement may already be reported! Please search for the enhancement before creating one. ### Current Behavior: Currently many tasks use hardcoded URLs, such as the MavenMetaAnalyzer or OssIndexAnalysisTask. In...
### Current Behavior: While browsing `/projects?tag=sometag` I can see the list filtered by the tag but not the graphs in cards like Portfolio Vulnerabilities, Projects at Risk, etc... ### Proposed...