Include or Exclude Projects From BOM Validation Using Tags #3891
Labels
enhancement
New feature or request
p2
Non-critical bugs, and features that help organizations to identify and reduce risk
size/S
Small effort
Commits referencing this issue:
- Sep 1, 2024: nscuro added a commit to nscuro/dependency-track: "Closes DependencyTrack#3891 Signed-off-by: nscuro <[email protected]>"
- Sep 1, 2024: nscuro added a commit to nscuro/dependency-track-frontend: "Relates to DependencyTrack/dependency-track#3891 Signed-off-by: nscuro <[email protected]>"
- Sep 1, 2024: nscuro added a commit to nscuro/dependency-track: "Closes DependencyTrack#3891 Signed-off-by: nscuro <[email protected]>"
- Sep 6, 2024: Gepardgame pushed a commit to Gepardgame/frontend: "Relates to DependencyTrack/dependency-track#3891 Signed-off-by: nscuro <[email protected]> Signed-off-by: Schauer-Köckeis <[email protected]>"
- Sep 10, 2024: Gepardgame pushed a commit to Gepardgame/frontend: "Relates to DependencyTrack/dependency-track#3891 Signed-off-by: nscuro <[email protected]>"
- Sep 10, 2024: Gepardgame pushed a commit to Gepardgame/dependency-track: "Closes DependencyTrack#3891 Signed-off-by: nscuro <[email protected]>"
- Sep 10, 2024: Gepardgame pushed a commit to Gepardgame/frontend: "Relates to DependencyTrack/dependency-track#3891 Signed-off-by: nscuro <[email protected]>"
- Sep 10, 2024: Gepardgame pushed a commit to Gepardgame/frontend: "Relates to DependencyTrack/dependency-track#3891 Signed-off-by: nscuro <[email protected]>"
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Current Behavior
BOM Validation against the CycloneDX schema was a feature introduced in v4.11.0 and can be enabled or disabled by an administrator.
It is "all or nothing". Either every BOM upload gets validated or nothing gets validated.
It was known before v4.11.0 release that this could cause problems if users' tooling was producing invalid BOMs.
However, real-world experience has shown that more tools are generating invalid BOMs than might have been hoped for. Thus, we need to improve functionality:
Proposed Behavior
Implement the ability to filter Validation based on tag. Configuration based on tag means that the administrator can set things up once and then users with lower privileges can easily control behavior at the project level.
Once BOM Validation is enabled then select whether to run in one of two modes (suggest using a radio button here)
If the admin does not provide any tag then behavior should be as in v4.11.0 (everything gets validated)
If the admin switches from "Include" mode to "Exclude" mode (or vice versa) then the system should still remember the tag that was used in the option that is now inactive... they might want to switch back again later.
I suggest that the default should be "Exclude". This would allow the admin to configure it with a tag and have BOMs upload before the tag is added to any project and behavior would still be "everything gets validated".
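The include/exclude semantics proposed in this issue, modelled as an added reference example (not Dependency-Track's own code): the `ValidationMode`, `BomValidationConfig` and `should_validate` names are hypothetical, and it assumes tag matching is case-insensitive after trimming whitespace, which the issue does not specify.

```python
from dataclasses import dataclass, field
from enum import Enum


class ValidationMode(Enum):
    INCLUDE = "include"  # validate only projects carrying one of the configured tags
    EXCLUDE = "exclude"  # validate everything except projects carrying one of the tags


def _normalize(tags):
    # Assumption: tags are compared trimmed and case-insensitively.
    return {t.strip().lower() for t in tags if t.strip()}


@dataclass
class BomValidationConfig:
    """Hypothetical settings object for the proposal in this issue."""
    enabled: bool = True
    mode: ValidationMode = ValidationMode.EXCLUDE  # suggested default
    # Tags are stored per mode, so switching Include <-> Exclude keeps the
    # tags configured for the mode that is now inactive.
    tags_by_mode: dict = field(default_factory=lambda: {m: set() for m in ValidationMode})

    def set_tags(self, mode, tags):
        self.tags_by_mode[mode] = _normalize(tags)

    def active_tags(self):
        return self.tags_by_mode[self.mode]


def should_validate(config, project_tags):
    """Decide whether a BOM uploaded to a project with these tags gets schema-validated."""
    if not config.enabled:
        return False
    selected = config.active_tags()
    if not selected:
        # No tag configured for the active mode: v4.11.0 behaviour, validate everything.
        return True
    tagged = bool(selected & _normalize(project_tags))
    return tagged if config.mode is ValidationMode.INCLUDE else not tagged
```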