Mark Symons
@nscuro, what to do when a GHSA vulnerability has a CVE alias and the CVSS differs?
In the API documentation: * 401: Unauthorized: the request requires an authentication token. * 403: Forbidden: the request requires an authentication token _with more or different permissions._ ie, Snyk did...
From the original description above, the attached `log_dependencytrack.txt` contained a useful error that was returned by the SMTP MTA at gmail: ``` Caused by: javax.mail.MessagingException: Got bad greeting from SMTP host:...
I have encountered the error using CycloneDX module for .NET v3.0.8.0 and Dependency-Track v4.11.5. DT is configured for "BOM Validation" and "BOM Processing V2". [issue-1988-demo.xml](https://gist.github.com/msymons/9d8d38daa75eb18b78257add986a9aab#file-issue-1988-demo-xml)
@mtsfoni, @JCH2k (and others)... can anyone confirm whether or not the problem occurs when using Dependency-Track Jenkins plugin [v5.0.0](https://github.com/jenkinsci/dependency-track-plugin/releases/tag/v5.0.0)? I am afraid that this is something that I cannot currently...
@colinfyfe. I should have been more precise... requesting that an XML BOM generated by `CycloneDX module for .NET` be tested with Dependency-Track Jenkins plugin v5.0.0. The initial report for this...
@colinfyfe, yeah... we need to find an instance where a fail using plugin v4.3.1 either still fails with v5.0.0 or stops failing.
In order to make this useful we will need to first implement project-level policies per #2130. Implementing signature verification would also require additional work to be carried out within DT.
With 4.11-SNAPSHOT, I am seeing something similar: ``` 2023-12-11 15:25:50,762 INFO [BomUploadProcessingTask] Processing CycloneDX BOM uploaded to project: b900b6a8-f021-47d2-a390-7b56314e3dec 2023-12-11 15:25:52,644 WARN [Persist] Insert of object "org.dependencytrack.model.Component@46574d75" using statement "INSERT...
No problems that I have seen... but this has been difficult to check as my K8s system is not retaining logs and so every SNAPSHOT build results in a fresh...