Niklas

@stevespringett I'm going to interpret that as approval and merge this one myself now so that our CI builds continue to work ✌

What portfolio dimensions are we speaking of here? Considering a single project has almost 20k components already, I'm assuming there is a lot going on in your Dependency-Track instance? Ultimately...

I think I see where the bottleneck is. I tested with a BOM with a little above 20k components. Broadly speaking, when uploading a BOM, Dependency-Track will queue a `RepositoryMetaEvent`...

Implemented a partial fix in #1772.

Hi @jayachathu, please keep in mind the following constraint for `alpine.worker.threads.multiplier`, as stated in the docs: > This property is only used when alpine.worker.threads is set to 0. In your...

I need more time to investigate and solve this appropriately. Caching of repository lookups (#1943) plays into this as well. I'm moving this to 4.7 for the time being.

I'm getting the same vulnerability details with both of your mentioned databases. What you see in your Postgres setup are the vulnerability details from OSS Index: https://ossindex.sonatype.org/vulnerability/sonatype-2021-0449?component-type=npm&component-name=handlebars If a vulnerability...

Hi @bahrb, false positives raised by an external source is not something we can do anything about. For OSS Index, please file your correction in this repo: https://github.com/OSSIndex/vulns

The button is inactive until you provide a personal access token (PAT). This is intentional to drive the point home that GHSA requires authentication. If the button is not clickable...

You have to use the external IP or hostname of your VM for the frontend container's `API_BASE_URL` environment variable, see https://github.com/DependencyTrack/dependency-track/pull/1075/files#diff-c3d30d4845cc6f240782a49f91ce0c35378d163006beee6530bf3448719db99bR92-R96