Niklas
So the first error can occur when you delete a component (or a project that the component belongs to) while a metrics update is in progress. Does this happen every...
Ok, can you check if there are any orphaned records in the `DEPENDENCYMETRICS` table?
```sql
select "COMPONENT_ID", count(*) from "DEPENDENCYMETRICS" as dm where not exists(select 1 from "COMPONENT" where "ID"...
```
Going to move this to v4.13. To really resolve this, input fields in the UI need indicators as to how many characters are allowed. We also need to ensure forms...
We've been waiting on https://github.com/stevespringett/cvss-calculator/issues/78 as a precondition, but I think we might just switch to https://github.com/org-metaeffekt/metaeffekt-core instead.
Implemented for v5: https://github.com/DependencyTrack/hyades-apiserver/pull/1508
For applications composed of multiple individual modules ("backend" and "frontend" in the simplest case), having some sort of risk inheritance ("app" depends on "backend", thus it inherits vulnerabilities, policy violations...
It's likely that we're currently not (or wrongly) populating a Trivy server API field that helps Trivy in "narrowing down" on the actually applicable vulnerabilities. Seeing that you're dealing with...
I will try to have a look this weekend. There are a few Protobuf extensions for BurpSuite, I am optimistic that will yield some insights.
I think I found the issue(s), they should be fixed with https://github.com/DependencyTrack/dependency-track/pull/4245. @cheapshot2000 with those fixes, I'm now getting 197 vulnerabilities for the BOM you provided. I haven't done a...
Severity and CVSS vectors are taken as-is from the Trivy response: https://github.com/DependencyTrack/dependency-track/blob/5235dd869afb3150da557642f821bb85de4e41fe/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java#L71-L94 Do note though that if you have mirrored CVEs from the NVD (which is enabled by default), DT...