Trivy Operator Sbom Reports on Dependency track visualisation based on Container #11

Open
pavithra24 opened this issue Mar 14, 2024 · 1 comment

@pavithra24

I would like to analyze the SBOM reports generated by the Trivy operator in Dependency Track. However, I am encountering difficulty in associating these reports with their respective containers, as the information indicating the source container is not readily apparent within the Dependency Track tool.

Please let me know if there is a way to visualise the reports generated by the Trivy operator in Dependency Track with the container name, perhaps in the dependency graph.

Let me know if there's any solution to this.

@takumakume
Owner

Is it important to track the container itself?
Assuming that the combination of container image name and tag is unique and reproducible, wouldn't tracking the image be sufficient?

If so, the following can be configured:

  -e DT_PROJECT_NAME="[[.sbomReport.report.artifact.repository]]"
  -e DT_PROJECT_VERSION="[[.sbomReport.report.artifact.tag]]"

If you have a use for which you would like to track the container itself, we may be able to support you if you can provide more details about the backstory.

Sorry for the delay in responding.
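The reply above assumes that image name plus tag is unique and reproducible. The Go sketch below checks that assumption; it is an added example, not code from this project. It renders the two templates from the reply against constructed SbomReport-shaped data and flags any name:version pair backed by more than one digest. Assumptions: the `[[`/`]]` delimiters follow Go `text/template` semantics, a `digest` field sits beside `repository` and `tag`, and all helper names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

const nameTmpl = "[[.sbomReport.report.artifact.repository]]" // from the reply above
const versionTmpl = "[[.sbomReport.report.artifact.tag]]"     // from the reply above
const digestTmpl = "[[.sbomReport.report.artifact.digest]]"   // assumed field, not on the page

// render evaluates one [[...]] template (assumed Go text/template semantics).
func render(tmpl string, data map[string]any) string {
	t := template.Must(template.New("t").Delims("[[", "]]").Parse(tmpl))
	var sb strings.Builder
	if err := t.Execute(&sb, data); err != nil {
		panic(err)
	}
	return sb.String()
}

// report builds a constructed, minimal stand-in for an SbomReport payload.
func report(repo, tag, digest string) map[string]any {
	artifact := map[string]any{"repository": repo, "tag": tag, "digest": digest}
	return map[string]any{"sbomReport": map[string]any{"report": map[string]any{"artifact": artifact}}}
}

// collisions lists, in input order, project keys that map to more than one digest.
func collisions(reports []map[string]any) []string {
	first, flagged, out := map[string]string{}, map[string]bool{}, []string{}
	for _, r := range reports {
		key := render(nameTmpl, r) + ":" + render(versionTmpl, r)
		digest := render(digestTmpl, r)
		if prev, ok := first[key]; !ok {
			first[key] = digest
		} else if prev != digest && !flagged[key] {
			flagged[key], out = true, append(out, key)
		}
	}
	return out
}

func main() {
	fmt.Println(collisions([]map[string]any{ // constructed sample reports
		report("library/nginx", "1.25", "sha256:aaaa"),
		report("library/nginx", "1.25", "sha256:bbbb"), // same tag, rebuilt image
		report("library/redis", "7.2", "sha256:cccc"),
	})) // prints [library/nginx:1.25]
}
```

A flagged key means two different image builds would be uploaded into the same Dependency Track project and version, so the later SBOM replaces the earlier one there.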
