Please add support for component "scope" parameter
Current Behavior
When adding/editing components in DTrack, there is no ability to set a "scope" parameter. In the CycloneDX BOM format this can be set to required, optional or excluded. Without this there is no way to flag a dependency as something that is not shipped, such as runtime or development dependencies.
Proposed Behavior
I suggest implementing functionality within DTrack that recognizes and utilizes the "scope" parameter allowed in the JSON spec. This would allow us to list non-required dependencies and flag them appropriately. It will improve the accuracy of vulnerability analysis by focusing on shipping components and better align DTrack with the CycloneDX specification.
Ref: https://cyclonedx.org/docs/1.5/json/#components_items_scope
Checklist
- [X] I have read and understand the contributing guidelines
- [X] I have checked the existing issues for whether this enhancement was already requested
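
How a BOM consumer could honour the scope field this request refers to, as an added example (not part of the original issue and not Dependency-Track code): it groups components, including nested ones, by scope and applies the CycloneDX default of `required` when the field is absent. The sample BOM, the function names, treating nested components independently of their parent's scope, and the policy of keeping `required` and `optional` components for analysis are assumptions.

```python
import json

# Scope values defined by the CycloneDX component schema.
VALID_SCOPES = ("required", "optional", "excluded")

# Constructed sample BOM (not from the issue): names and versions are made up.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "web-framework", "version": "2.1.0", "scope": "required"},
    {"type": "library", "name": "test-runner", "version": "7.4.0", "scope": "excluded"},
    {"type": "library", "name": "tls-plugin", "version": "1.0.3", "scope": "optional",
     "components": [{"type": "library", "name": "bundled-parser", "version": "0.9.1"}]},
    {"type": "library", "name": "logging-lib", "version": "3.2.1"}
  ]
}
""")


def walk_components(components):
    """Yield every component, including nested ones."""
    for comp in components or []:
        yield comp
        yield from walk_components(comp.get("components"))


def group_by_scope(bom):
    """Map each scope to a list of 'name@version' strings."""
    groups = {scope: [] for scope in VALID_SCOPES}
    for comp in walk_components(bom.get("components")):
        # The spec says a consumer should assume "required" when scope is absent.
        scope = comp.get("scope", "required")
        if scope not in VALID_SCOPES:
            raise ValueError(f"unknown scope {scope!r} on {comp.get('name')}")
        groups[scope].append(f"{comp.get('name')}@{comp.get('version')}")
    return groups


def shipped_components(bom):
    """Assumed policy: analyse everything that is not 'excluded'."""
    groups = group_by_scope(bom)
    return groups["required"] + groups["optional"]


if __name__ == "__main__":
    for scope, items in group_by_scope(SAMPLE_BOM).items():
        print(f"{scope}: {', '.join(items) or '-'}")
```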