Mark Symons
In updating a project's build.gradle cyclonedx plugin version from 1.3 to 1.6.1, I got errors and a failed build. Further testing established that 1.4.1 was the last good version. ie,...
cyclonedx-cli 0.14.0 is not validating a BOM [jake-bom.xml](https://github.com/sonatype-nexus-community/cyclonedx-sbom-examples/blob/master/jake-bom.xml) from Sonatype's [cyclonedx-sbom-examples](https://github.com/sonatype-nexus-community/cyclonedx-sbom-examples) repo. The BOM appears to be schema v1.1 using the vulnerability extension. It is not pretty printed, so here...
It would be useful to be able to have a new `scope-change` option for the Diff command to examine SBOMs for change in scope (required optional). 1. I think that...
As an enhancement, it would be useful to publish SBOM examples for 2 versions of the same OSS project. It does not really matter which project is chosen. Dropwizard...
### Current Behavior: I have continuous Dependency-Track logs going back to 14 May 2019 (when I was running v3.4.1). Starting one hour after upgrade from 3.4.1 to 3.5.0 on 7...
The use of embedded-consul 2.0.0 causes third-party threat analyzers (such as dependency-track) to generate threat alerts due to CVE threats in dependencies and transitive dependencies. slf4j-api and groovy-all should be...
Alpine currently uses `maven-surefire-plugin` v2.22.2, the last 2.x release. This plugin is not compatible with upcoming Maven 4.0.0 and should be upgraded to 3.x. Currently, the most recent plugin release...
Enhancement: In Dependency-Track v3.3.1, clicking on "projects" provides a summary of metrics at the top of the screen: - Portfolio Vulnerabilities - Projects at Risk - Vulnerable Components - Inherited...
### Current Behavior Dependency-Track v4.7.0 introduced Beta support for Snyk Analyser. This requires configuration of `Organization ID` and `API token`, as well as `API Version` I thought I had valid...
### Current Behavior: Per post in Slack by @stevespringett regarding what happens to BOMs when they are uploaded to Dependency-Track: > The original BOMs are dismissed. When BOMs are uploaded,...