When I upload an SBOM that contains internal components and third-party packages (e.g. Debian), there are no vulnerabilities shown for the created project.
Note that I have enabled OSSIndex and I have added the Sonatype account.
I did a test with an SBOM that contains Python packages, and there are vulnerabilities that are detected with the OSSIndex analyzer. So the issue is related to the internal analyzer.
Steps to Reproduce
Upload an SBOM that contains some Debian packages that are vulnerable.
After the VulnerabilityAnalysis task is done, check if the project contains vulnerabilities.
Expected Behavior
The vulnerabilities should be shown for the created project
Dependency-Track Version
4.7.x
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Mozilla Firefox