Niklas

836 comments by Niklas

@we684123 The documentation lives here: https://github.com/DependencyTrack/dependency-track/tree/master/docs
Instructions to work with it are here: https://github.com/DependencyTrack/dependency-track/blob/master/DEVELOPING.md#documentation

Based on the documentation of the JSON schema validator used by `cyclonedx-core-java`, we won't get much more information than shown in the response you posted: https://github.com/networknt/json-schema-validator?tab=readme-ov-file#results-and-output-formats
In any case, enrichment...

There's a discussion to be had about how helpful the response *really* needs to be (see for example https://github.com/DependencyTrack/dependency-track/issues/3218#issuecomment-1925452668). The core intent for DT is to prevent invalid documents from...

Also note that validation errors for JSON appear to contain a valid [JSONPath](https://goessner.net/articles/JsonPath/) to the invalid element. Granted, for `$.components: the items in the array must be unique` that might...

The default flush behavior of the ORM plays into this, see https://github.com/DependencyTrack/dependency-track/pull/4039
The NVD mirroring tasks do a slightly better job of this, since they only call setters if they...

Since `synchronizeVulnerability` is not a public API, we are free to change it however we see fit. There is no reason it **has** to call `updateVulnerability` first. You could also...

Oh btw, another way to reduce unnecessary load on the DB would be to use `callInTransaction` for these methods. Here's an example: https://github.com/DependencyTrack/dependency-track/blob/7ce8e0471a32c37eef81994894d7c1b35759b245/src/main/java/org/dependencytrack/persistence/NotificationQueryManager.java#L162-L171
Without it, each setter call on a...

Please check the logs for any errors during the mirroring process.

Thanks for the PR @altinukshini! Please sign-off your commit so the DCO check passes. You can find instructions by clicking on the *Details* link next to the failing check.

See also: https://github.com/DependencyTrack/dependency-track/discussions/4851