Niklas

Results 829 comments of Niklas

Dabbling with this right now, as the issue with the CLI has since been fixed. The BOM generated during the Maven build can be merged with the service BOM using...

I raised a draft PR and would appreciate feedback on how this feature should behave: https://github.com/DependencyTrack/dependency-track/pull/2124

Some additional notes: 1. OpenRewrite has a recipe for the migration to Jakarta EE 9: https://docs.openrewrite.org/recipes/java/migrate/jakarta/javaxmigrationtojakarta. I tested it already and it works great, both for the Alpine and Dependency-Track...

@stevespringett What is your current opinion on how to deal with Alpine's OpenAPI integration? * As mentioned above, updating the Swagger library is a precondition for moving forward with the...

> I see that this ticket is closed but I am still hopeful. The issue is still open and implementation is definitely planned. > When I upload a BOM generated...

@apsdts Yes, what's described in this issue is still planned and #3251 is *not* a replacement for that.

@fnxpt DT currently only imports analyses from VEX for vulnerabilities that have already been identified. Importing vulnerabilities themselves currently does not work for either VEX or VDR. Ideally, importing a...

There are multiple improvements in 4.7 that will address cases like this: Improved batching for OSS Index (#2023) will prevent inefficient calls like this from happening: ``` 2022-07-05 06:38:18,970 []...

@gruselglatz Are the projects with missing vulnerabilities marked as inactive? Inactive projects are not part of the daily portfolio-wide vulnerability analysis.

I raised a PR for this in Alpine: https://github.com/stevespringett/Alpine/pull/480 This will support all the various `/health`, `/health/live`, `/health/ready`, and `/health/started` endpoints. The PR includes a readiness check for database connections, but...