Vulnerability Tree #1997
Comments
|
Great suggestion, thanks @BlythMeister! |
|
We are working on big improvements of the dependency-tree, to make it actually useful at all. This would cover stuff of DependencyTrack/frontend#85 and also further ideas. I think this would solve your requirement too, just a little different, since I have the same use case |
|
Yes that does sound great. At the moment we can see a risk score and what the vulnerabilities are, but once we have that, it's many hours of manual looking for solutions (unless it's in a direct dependency) |
|
Yep, facing the same issue. Workaround until then: I look it up in the originally imported BOM.xml file, there the origination is visible, even though not quickly to look up. |
…ncyTrack#2189) * Add method to return expanded dependency graph Adds a new API method, which returns a list of components that are needed to display a dependency graph that is expanded to every occurrence of a specified component. Adds new transitive attributes to the component and project class, which are needed to correctly display and expand the resulting dependency graph. Signed-off-by: RBickert <rbt@mm-software.com> * Return empty list instead of HTTP conflict Signed-off-by: RBickert <rbt@mm-software.com> * Return empty list instead of HTTP conflict Signed-off-by: RBickert <rbt@mm-software.com> * Fix root components not being found Signed-off-by: RBickert <rbt@mm-software.com> * Change UUID in query to parameter Signed-off-by: RBickert <rbt@mm-software.com> * Add tests for `getDependencyGraphForComponent` Change `Component.expand` to `Component.expandDependencyGraph` Remove string concatenation in `getDependencyGraphForComponent` and `getParentDependency` in `ComponentQueryManager` Signed-off-by: RBickert <rbt@mm-software.com> Signed-off-by: RBickert <rbt@mm-software.com> Closes DependencyTrack#1997 Signed-off-by: mulder999 <nospam099-github@yahoo.com>
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
…ncyTrack#2189) * Add method to return expanded dependency graph Adds a new API method, which returns a list of components that are needed to display a dependency graph that is expanded to every occurrence of a specified component. Adds new transitive attributes to the component and project class, which are needed to correctly display and expand the resulting dependency graph. Signed-off-by: RBickert <rbt@mm-software.com> * Return empty list instead of HTTP conflict Signed-off-by: RBickert <rbt@mm-software.com> * Return empty list instead of HTTP conflict Signed-off-by: RBickert <rbt@mm-software.com> * Fix root components not being found Signed-off-by: RBickert <rbt@mm-software.com> * Change UUID in query to parameter Signed-off-by: RBickert <rbt@mm-software.com> * Add tests for `getDependencyGraphForComponent` Change `Component.expand` to `Component.expandDependencyGraph` Remove string concatenation in `getDependencyGraphForComponent` and `getParentDependency` in `ComponentQueryManager` Signed-off-by: RBickert <rbt@mm-software.com> Signed-off-by: RBickert <rbt@mm-software.com> Closes DependencyTrack#1997
Current Behavior:
Vulnerability doesn't show the reason your project has that vulnerable component.
You need to work through the project dependencies manually to establish if you can actually take the required update.
Proposed Behavior:
On the vulnerability screen include the upward depenency tree to the top level item.
This way you will be able to identify why you have a reference to the vulnerable dependency.
The text was updated successfully, but these errors were encountered: