Use cpe and/or purl from cyclonedx metadata.component to set project cpe and/or purl. #3643
Comments
Already addressed in dependency-track/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTaskV2.java Lines 339 to 355 in 3efdd24
But not in the legacy dependency-track/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java Lines 115 to 155 in 3efdd24
Current Behavior
When importing an SBOM that defines a CPE and/or PURL for the metadata.component, these fields are not populated for the project created.
Other properties of the metadata.component have been fixed in the past, see e.g. #3179
Steps to Reproduce
Expected Behavior
Imported project also populates CPE and PURL fields if present in the metadata.component.cpe/purl
Dependency-Track Version
4.10.0
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome
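A minimal input and check for the behaviour reported above, added here as an example; it is not part of the issue and not Dependency-Track code. The BOM, the `project` dict standing in for the created project record, and the function names are constructed assumptions; only the `metadata.component.cpe` and `metadata.component.purl` fields come from the CycloneDX format discussed in the issue.

```python
import json

# Constructed CycloneDX 1.5 JSON BOM; name, version, CPE and PURL are sample values.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "component": {
            "type": "application",
            "name": "acme-app",
            "version": "1.0.0",
            "cpe": "cpe:2.3:a:acme:acme-app:1.0.0:*:*:*:*:*:*:*",
            "purl": "pkg:maven/com.acme/acme-app@1.0.0",
        }
    },
    "components": [],
})

IDENTITY_FIELDS = ("cpe", "purl")


def bom_identity(bom_json):
    """Return the cpe/purl declared on metadata.component (missing or blank -> None)."""
    bom = json.loads(bom_json)
    component = (bom.get("metadata") or {}).get("component") or {}
    identity = {}
    for field in IDENTITY_FIELDS:
        value = component.get(field)
        identity[field] = value.strip() if isinstance(value, str) and value.strip() else None
    return identity


def missing_on_project(bom_json, project):
    """List identity fields the BOM declares but the project record lacks or contradicts."""
    declared = bom_identity(bom_json)
    return sorted(f for f, v in declared.items() if v is not None and project.get(f) != v)


if __name__ == "__main__":
    # Constructed project record mirroring the reported behaviour: cpe and purl left unset.
    project = {"name": "acme-app", "version": "1.0.0", "cpe": None, "purl": None}
    print(bom_identity(SAMPLE_BOM))
    print(missing_on_project(SAMPLE_BOM, project))
```

An empty result from `missing_on_project` means the project carries every identifier the BOM declared, which matters because a project without a CPE or PURL cannot be matched on those identifiers later.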