syalioune
@nscuro @stevespringett If that's ok for you, I can work on this one.
Hello guys, looking at the code at line BomUploadProcessingTask.java:178 below, it is most likely a recursion issue (consistent with the stackoverflow error) due to a deep parent-child component hierarchy :...
Yup, just replicated with attached sbom with a depth of 14 recursive children for component `bcprov-jdk15on` [bom.txt](https://github.com/DependencyTrack/dependency-track/files/9410617/bom.txt). It's a bit strange but first upload went ok, the issue appears at...
It would definitely help if you could provide your anonymized SBOM. My test SBOM is somewhat biased and extreme as I have duplicated the same component in the nested hierarchy...
Hello @natefive Given a project with uuid `PROJECT_UUID`, a VEX like below works for me ```json { "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1, "metadata": { "timestamp": "2022-09-19T09:20:57Z", "component": { "name":...
Hello Nate, > are you sure the affects.ref is supposed to be the project UUID, I thought that it should be the UUID of the vulnerable package/ component? Based on...
Great! Keep us posted.
Hello @nscuro That's great 👍 Is there any way to make NEW_VULNERABLE_DEPENDENCY and NEW_VULNERABILITY mutually exclusive (i.e., knowing that the component was newly added in `NotificationUtil.analyzeNotificationCriteria`)? Otherwise,...
@AbdelHajou Are you working on this enhancement request? Or anyone else? We are very interested in this feature in my organization and I should have time to get...
@stevespringett I see that the issue is assigned to you, are you actively working on it? If not, I would like to provide an implementation. Does not seem like...