Unable to filter components by outdated versions for components without namespace/group #4510

Closed
2 tasks done
sedan07 opened this issue Jan 3, 2025 · 0 comments · Fixed by #4511
Labels: defect (Something isn't working); p2 (Non-critical bugs, and features that help organizations to identify and reduce risk)
sedan07 commented Jan 3, 2025

Current Behavior

When listing all the components of a given project using the /v1/component/project/{uuid} endpoint, you can filter by onlyOutdated to exclude recent components. However, this won't show any outdated components which don't have the optional group field set. Java SBOMs will have this set as Java uses namespaces, but Python, for instance, doesn't. As a result, you cannot filter Python projects to see only the outdated components, as 0 get returned.

Steps to Reproduce

  1. Take for instance a relatively popular Python open source project such as Netbox and generate an SBOM using Trivy:
     • trivy image -f cyclonedx -o netbox.cdx.json netboxcommunity/netbox:v4.1
     • netbox.cdx.json
  2. Upload the SBOM to a new project in Dependency-Track
  3. From the components tab enable the "Outdated only" toggle
  4. 0 results returned.

Expected Behavior

28 outdated results returned, for items such as click

Dependency-Track Version

4.12.2

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

13

Browser

N/A

Checklist

@sedan07 sedan07 added defect Something isn't working in triage labels Jan 3, 2025
sedan07 added a commit to sedan07/dependency-track that referenced this issue Jan 3, 2025
sedan07 added a commit to sedan07/dependency-track that referenced this issue Jan 3, 2025
@nscuro nscuro added this to the 4.12.3 milestone Jan 3, 2025
@nscuro nscuro added p2 Non-critical bugs, and features that help organizations to identify and reduce risk and removed in triage labels Jan 3, 2025
sedan07 added a commit to sedan07/dependency-track that referenced this issue Jan 3, 2025
@nscuro nscuro closed this as completed in 4fc5b23 Jan 3, 2025
nscuro pushed a commit to nscuro/dependency-track that referenced this issue Jan 3, 2025
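
A pre-upload check for the condition described in this issue, as an added example that is not part of the original report or of Dependency-Track: it walks a CycloneDX JSON BOM and lists, per purl type, the components that have no `group` set, which are the ones the report says the `onlyOutdated` filter does not return in 4.12.2. The sample BOM and the function names are constructed for illustration, and treating an empty `group` string as unset is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample BOM (not taken from netbox.cdx.json): one Maven component
# with a group, two PyPI components without one, one of them nested.
SAMPLE_BOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "group": "org.apache.commons", "name": "commons-lang3",
   "version": "3.12.0",
   "purl": "pkg:maven/org.apache.commons/commons-lang3@3.12.0"},
  {"type": "library", "name": "click", "version": "8.1.7",
   "purl": "pkg:pypi/click@8.1.7"},
  {"type": "application", "group": "", "name": "app", "version": "1.0",
   "components": [
     {"type": "library", "name": "jinja2", "version": "3.1.4",
      "purl": "pkg:pypi/jinja2@3.1.4"}]}
]}
""")

def iter_components(bom):
    """Yield every component, descending into nested `components` arrays."""
    stack = list(bom.get("components", []))
    while stack:
        comp = stack.pop()
        yield comp
        stack.extend(comp.get("components", []))

def purl_type(purl):
    """Return the package type of a purl: 'pkg:pypi/click@8.1.7' -> 'pypi'."""
    if not purl or not purl.startswith("pkg:"):
        return "unknown"
    return purl[4:].split("/", 1)[0].lower()

def groupless_components(bom):
    """Sorted (purl type, name, version) for components with no group set."""
    # Assumption: an empty-string group counts as unset.
    return sorted((purl_type(c.get("purl")), c.get("name"), c.get("version"))
                  for c in iter_components(bom) if not c.get("group"))

def summarize(bom):
    """Map purl type -> (count with group, count without group)."""
    counts = defaultdict(lambda: [0, 0])
    for c in iter_components(bom):
        counts[purl_type(c.get("purl"))][0 if c.get("group") else 1] += 1
    return {eco: tuple(pair) for eco, pair in counts.items()}

if __name__ == "__main__":
    for eco, (with_group, without) in sorted(summarize(SAMPLE_BOM).items()):
        print(f"{eco}: {with_group} with group, {without} without")
```

To check a real BOM, load it with `json.load(open("netbox.cdx.json"))` and pass the result to `summarize` in place of `SAMPLE_BOM`.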