Niklas

icon indicating an email [email protected]

icon location Kiel, Germany icon location "I have no idea why this works. You better don't touch it."

Results 821 comments of Niklas

Re-implement support for `NEW_VULNERABLE_DEPENDENCY` notification

@syalioune @stevespringett Let's address that in another enhancement. We'll need a more sturdy way to track whether a component is new. Dragging a detached collection of `Component`s through the system...

Re-implement support for `NEW_VULNERABLE_DEPENDENCY` notification

@msymons Yes! Just for components instead of vulnerabilities. And by reading the comments, the concerns also hold true in that case (what does "first seen" even mean?).

Make background tasks periodicity configurable

> I suggest interval. Cadence, to my understanding, is more like the number of times per period, i.e twice a day. Not sure if cadence = 24 is intuitively understood...

Make background tasks periodicity configurable

@stevespringett To me it looks like all your points have been addressed. Anything else you want done before we can merge?

Vulnerability webhook notification has incorrect notification level

The current logic indeed sees notification levels exclusively as a filter. The level of notifications being sent is hardcoded and does not seem to be intended to be modified by...

Prevent event queue saturation when processing BOMs with large component quantities

Only downside I can fathom right now is that repository meta analysis will take a little longer in total, due to the switch from parallelized to sequential processing. But I...

Prevent event queue saturation when processing BOMs with large component quantities

> Instead, if DT could only fire RepositoryMetaEvent when a new component is added? That will certainly help for existing projects, but not for new ones. It'd also mean that...

Prevent event queue saturation when processing BOMs with large component quantities

Hmmm, I just noticed that we don't cache repository meta data at all right now. That alone will most likely yield a significant improvement. I'll get this sorted and also...

Prevent event queue saturation when processing BOMs with large component quantities

Cancelling this for now as stated in https://github.com/DependencyTrack/dependency-track/issues/1759#issuecomment-1242768566. The missing caching for repository meta data has been logged in https://github.com/DependencyTrack/dependency-track/issues/1943 and is scheduled for 4.7.

Allow users to configure intervals for periodic tasks

> @syalioune: Seems like [ComponentAnalysisCache.CacheType.REPOSITORY](https://github.com/syalioune/dependency-track/blob/feature/configurable_period_for_tasks/src/main/java/org/dependencytrack/model/ComponentAnalysisCache.java#L56) is never used anyway Huh, yeah, I stumbled over the same thing in https://github.com/DependencyTrack/dependency-track/pull/1772#issuecomment-1204430099. But it really *should* be used, seems like we're doing a...