Mark Symons

Results 78 issues of Mark Symons

### Current Behavior: Dependency-Track v4.5.0 introduced support for [EPSS](https://www.first.org/epss/model). This is currently provided via the "Exploit Predictions" tab in each project. The scatter graph is definitely useful. It does allow...

enhancement
p2

### Current Behavior As a result of logging improvements introduced in v4.9.0 via Issue #2979, a Version Distance Policy that attempts to evaluate a component that contains a letter in...

defect

### Current Behavior: As of v4.6.x, the policy system in Dependency-Track is based around components only. There is no support for policies that operate at the project-level. ### Proposed Behavior:...

enhancement

The SPDX License List is a subschema of the main CDX schema. CycloneDX is currently using 3.17 of the SPDX License List, whilst the latest version is 3.19. 15 new...

plugin v2.7.11 added support for custom External References via #428. Following the [documentation](https://cyclonedx.github.io/cyclonedx-maven-plugin/external-references.html) I initially added the following to configuration section of pluginManagement entry for plugin: ``` static-analysis-report https://foo.bar.com SonarQube...

Building a project using Maven 3.9.x will generate plugin validation warnings. These are intended to help spot problems that plugins might run into when Maven 4.x is released. When using...

enhancement

Building a project using Maven 3.9.x will generate plugin validation [WARNING] log entries. These are intended to help spot problems that plugins might run into when Maven 4.x is released....

### Current Behavior: The Change Log for Dependency-Track can be found at: https://docs.dependencytrack.org/changelog/ The page contains multiple anchors. The anchors are not unique and do not reference (say) version numbers....

defect
documentation
size/S

### Current Behavior: As of Dependency-Track v4.6.0, the policy engine does not yet support checking for anything relating to age. ### Proposed Behavior: Use "Last BOM Import" date as an input...

enhancement
p3

### Current Behavior The latest release of DT is v4.10.1 and the BOM is published as a [release asset](https://github.com/DependencyTrack/dependency-track/releases/download/4.10.1/bom.json). The BOM is generated using CycloneDX v2.7.9 which only supports CDX...

enhancement
good first issue
cdx-1.5
size/S