rkg-mm
### Current Behavior: I am responsible for security questions in all of our projects, including tooling like Dependency-Track and PSIRT process. Even though projects should typically handle things on their...
### Current Behavior: Recently I stumbled several times over vulnerability reports by Dependency-Track, which are actually withdrawn and marked as such in the vulnerability databases. Dependency-Track does still show these...
### Current Behavior: When suppressing a vulnerability, a corresponding policy violation is not suppressed and needs to be suppressed manually too. ### Steps to Reproduce: 1. Create a policy targeting...
### Current Behavior: Currently, the admin can create notifications in the backend for all projects for single mail addresses or other channels. With a bigger amount of projects this is...
Hi, I can't spend the time to prepare a pull request, but I wanted to share a solution to improve the table widget performance of qx desktop. The solution has...
New version seems to be broken: > npx @cyclonedx/bom my\path --include-license-text --output "my\path\bom.xml" --type application npx: installed 47 in 4.703s Invalid or unexpected token After forcing old version it works...
I scanned some of our projects with cyclonedx-dotnet for further use with vulnerability identification tool dependency-track. After importing into dependency-track, many licenses of packages are not visible. In one project...
Team API keys should be treated as a secret and not stored in plaintext, instead stored as and compared against the hash. They should not be available on UI like...
### Description This change introduces logic for "collection projects". Those are basically projects used as parent for other projects that shall not hold any own component or vulnerability data, but...
### Current Behavior Got several mails about upload failures of BOMs, checked the logs, found related to the affected 2 projects: First I got these for both projects: ``` 2023-12-14...