dependencytrack / dependency-track Goto Github PK

please create a Docker image with the dependency-track deployed

When trying to run 3.0-dev branch, the login page gets blank.
Checking browser developer tools, there are two files with 404 HTTP status.

/assets/functions.js
/assets/bind.min.js

I tried two approaches, with same results:

1. deploying to a fresh tomcat instance
2. running through docker

Those files aren't available in the repository.

Dependency-Track already supports mirroring of the NVD data feeds.

The NVD feeds will soon be updated to support CVSSv3 as well as be available in JSON format. Per contact with NVD, beta feeds are expected at the end of April 2017 or beginning of May 2017. The feeds are subject to change.

DT needs to be able to:

• Support CVSSv3 and optionally CVSSv2
• Enhance the existing mirroring capability to mirror the new format
• Use the mirrored data to import the entire NVD into the DT database.
• Ensure the NVD data gets updated

By doing this, DT will have a complete mirror of the NVD allowing users to search for vulns. If the CVE is found, all relevant data will be displayed, as well as any tracked components or projects that may be affected by the CVE.

The following dependencies need to be updated to the current major GA release:

SpringFramework
Hibernate
BootStrap

Hi Steve,

I have followed steps which is mention on following link:

https://github.com/stevespringett/dependency-track/wiki/Getting-Started

1. downloaded src
2. did maven clean package
3. and try to deploy dtrack.war generated in target folder.

But i am facing issue. PFA of error log
error log.txt

while deploying war file given at same place, it is getting deployed successfully.

Looking at the exception, it is pointing with JDK vresion competibility issue, But I have also check the version of class file from war file which is generated from war. which is jdk 7+ so, i dont feel that can be a issue

I have also compare both the war file and found that web.xml is not getting generated in src war. and copied same at in web-inf folder, and generated dtrack.war again. and tried to deploy again but still facing same issue.

could you kindly help me.

Hi, I've installed the prebuilt WAR under apache-tomcat-8.0.33 on Windows 10 and everything looks okay, but when I try to add a dependency to my project or add a component I don't get any entries in the dropdowns.

Need to support a md5, sha1, sha256 hash database consisting of hashes and component information.

Registry should be a combination of user editable within the UI (or via REST), as well as provide metadata replicated from Maven Central and potentially other repositories (npm).

Refer to:
https://repo1.maven.org/maven2/.index/
https://github.com/apache/maven-indexer

<dependency>
    <groupId>org.sonatype.nexus</groupId>
    <artifactId>nexus-indexer</artifactId>
    <version>3.0.4</version>
</dependency>

Database should be searchable via UI as well as a REST service that accepts hashes as input and provides component metadata in response.

To compliment service, an analyzer needs to be created for Dependency-Check.

After commit f1afad4, DTrack fails to deploy with the following message:

SEVERE: An exception was thrown while adding/validating class(es) : Constraint "SCAN_UUID_IDX" already exists; SQL statement:
ALTER TABLE SCAN ADD CONSTRAINT SCAN_UUID_IDX UNIQUE (UUID) [90045-176]
org.h2.jdbc.JdbcSQLException: Constraint "SCAN_UUID_IDX" already exists; SQL statement:
ALTER TABLE SCAN ADD CONSTRAINT SCAN_UUID_IDX UNIQUE (UUID) [90045-176]
        at org.h2.message.DbException.getJdbcSQLException(DbException.java:344)
        at org.h2.message.DbException.get(DbException.java:178)
...

Full app server log after a fresh start attached (extension 'txt' added as required by Github).

catalina.out.txt

Hi,
I've noticed that the dynamic report created by the application does not reflect the suppressions specified in the suppressions.xml file.
It is weird since the report created by the dependecy-check, and stored in the app-dir, takes into account the suppression entries added in the corresponding file.

Especially for corporate environments this can be a complete blocker.

I've noticed that the dynamic report created by the dependency-track does not correctly add the SHA1 and MD5 of the dependency. It adds the "libraryVersion.getUndashedUuid()" since, the libraryVersion.getSha1() is null.
I've realized about this issue when trying to suppress some vulnerabilities, because copying the suppression code into the supression.xml file cause a problem when parsing this xml (libraryVersion.getUndashedUuid() does not have 40 characters as SHA1 requests).

I've solved this updating the performAnalysis method in the DependencyCheckAnalysis class. You can see the code below:

for (LibraryVersion libraryVersion : libraryVersions) {
            final Library library = libraryVersion.getLibrary();
            final Dependency dependency =
                new Dependency(new File(FileUtils.getBitBucket()));

            final License license = library.getLicense();
            if (license != null) {
                dependency.setLicense(library.getLicense()
                    .getLicensename());
            }
            dependency.setDescription(String.valueOf(libraryVersion
                .getId()));
            dependency.getVendorEvidence().addEvidence("dependency-track",
                "vendor", library.getLibraryVendor().getVendor(),
                Confidence.HIGHEST);
            dependency.getProductEvidence().addEvidence(
                "dependency-track", "name", library.getLibraryname(),
                Confidence.HIGHEST);
            dependency.getVersionEvidence().addEvidence(
                "dependency-track", "version",
                libraryVersion.getLibraryversion(), Confidence.HIGHEST);

            // Adding the SHA1 and MD5 of the dependency (Update)
            libraryVersion.setSha1(dependency.getSha1sum());
            libraryVersion.setMd5(dependency.getMd5sum());


            dependencies.add(dependency);

        }

Surely this is not the best solution, since it does not work well when a new dependency is added, but it works well with dependencies added before.

The contents of NSP should be mirrored (with credits).

Proposed strategy:
GET
https://api.nodesecurity.io/advisories?offset=0
and retrieve the total number of findings. Use this number to know how many offset requests to make.
https://api.nodesecurity.io/advisories?offset=100
https://api.nodesecurity.io/advisories?offset=200
https://api.nodesecurity.io/advisories?offset=300

A total of 317 advisories should have a max offset of 300 which would only return the remaining 17 advisories.

Organizations that want to track attributes that are application specific should be able to do so via the UI and API.

@jtmelton

Modals in IE 10 do not work properly. Pre-populated drop-downs from Modals in IE 11 do not work properly. Many cosmetic UI issues including spacing and alignment also exist only in IE.

There are no immediate plans to support IE. IE 11 changed it's user agent (it no longer identifies itself as MSIE) without actually fixing many of the necessary workarounds required to support IE. As a result, there are no plans to support IE 11. Additionally, it doesn't make sense to support older versions of IE (9/10) without supporting newer (11) versions.

Support for Microsoft's Edge browser is planned.

1. Configure a product apache:tomcat version 7.0.67.
2. Check its DTrack report; ensure that e.g. CVE-2016-3092 is reported. This confirms that the component name is entered correctly.
3. Observe that CVE-2017-5648 is not reported.
4. In the NIST XML file nvdcve-2.0-2017.xml.gz, observe that this product version is (correctly) marked as vulnerable to CVE-2017-5648:

  <entry id="CVE-2017-5648">
[...]
      <vuln:product>cpe:/a:apache:tomcat:7.0.67</vuln:product>

Other vulnerabilities for this same product which are missed:
CVE-2017-5647
CVE-2016-8735
CVE-2016-6816

Used DTrack version: 1.0.0.

This 'feature' should be optional, but only after which point that an admin panel (with user management capabilities) is provided.

A change may be required in Dependency-Check to make this possible.

Provide a dashboard that provides at-a-glance visibility into the use of libraries containing vulnerable libraries across multiple applications and versions.

Feature should provide quick insight into to most at-risk applications (and versions of an applicaiton).

I started dtrack with mvn clean package and then java -jar dtrack.war and was able to create an application with version. If I press the Components link, the page says Generic Error Message. the log shows :

javax.el.PropertyNotFoundException: The class 'java.lang.String' does not have t
he property 'licensename'.
at javax.el.BeanELResolver.getBeanProperty(BeanELResolver.java:730) ~[ja

Add an admin role and provide a page that allows users with this role to manage users and view change logs.

Hi, I have downloaded the v1.0 GA using link from

https://www.owasp.org/index.php/OWASP_Dependency_Track_Project

Deployed with Tomcat7. All component/vendor dropdowns are blank. Checked the logs and they say:

2017-01-07 12:14:39,363 INFO [pool-1-thread-1] [NistDataMirrorUpdater.java:111]
Downloading https://nvd.nist.gov/download/nvdcve-2007.xml.gz
2017-01-07 12:14:39,670 WARN [pool-1-thread-1] [NistDataMirrorUpdater.java:133]
An error occurred during the download or saving of NIST XML data: Connection res
et
2017-01-07 12:14:39,671 INFO [pool-1-thread-1] [NistDataMirrorUpdater.java:111]
Downloading https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2007.xml.gz
2017-01-07 12:14:39,984 WARN [pool-1-thread-1] [NistDataMirrorUpdater.java:133]
An error occurred during the download or saving of NIST XML data: Connection res
et
2017-01-07 12:14:39,984 INFO [pool-1-thread-1] [NistDataMirrorUpdater.java:111]
Downloading https://nvd.nist.gov/download/nvdcve-2008.xml.gz
2017-01-07 12:14:40,309 WARN [pool-1-thread-1] [NistDataMirrorUpdater.java:133]
An error occurred during the download or saving of NIST XML data: Connection res
et
2017-01-07 12:14:40,310 INFO [pool-1-thread-1] [NistDataMirrorUpdater.java:111]
Downloading https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2008.xml.gz
2017-01-07 12:14:40,837 WARN [pool-1-thread-1] [NistDataMirrorUpdater.java:133]
An error occurred during the download or saving of NIST XML data: Connection res
et
2017-01-07 12:14:40,838 INFO [pool-1-thread-1] [NistDataMirrorUpdater.java:111]
Downloading https://nvd.nist.gov/download/nvdcve-2009.xml.gz
2017-01-07 12:14:41,325 WARN [pool-1-thread-1] [NistDataMirrorUpdater.java:133]
An error occurred during the download or saving of NIST XML data: Connection res
et

There is no issue when downloading the files using curl/wget (e.g. Internet connection is fine!)

Add the ability to track End-of-support / End-of-life of library versions. Additionally, add an option to report or sort on library versions that are EOS/EOL.

The ability to export a project versions' BOM in SPDX format may be useful.

Additionally, it may be possible to import a SPDX RDF and use that as a source of evidence, similar to how the dependency-check-report.xml is. Needs investigating.

https://spdx.org/

I installed dependency track in a tomcat7 environment running on ubuntu and also get the login screen but the default login credentials admin/admin do not work (athentication failure invalid username or password)

Hi Steve,

The idea of this project looks great. I deployed and started the application. But I didn't see any data in from the portal. I add a component but then how should I trigger it to show me all vulnerabilities for this component? Is this function already available? If yes, could you please provide a more information in the document?

Thanks!
William

When I attempt to add new component, I see no vendors in the dropdown vendor list. I can add my "own vendor" ("test-vendor" in the screenshot).

appHome/log/dependency-track.log contains no errors. All NIST CVE files are successfully downloaded.

Add smart search functionality that can retrieve results based on multiple categories including:

• Project
• Component
• Vulnerability
• License

This functionality will require a server-side index (Lucene) along with a REST resource that can process requests.

The following will be indexed:

• Project: name, version, properties, description
• Component: name, group, version, sha1, description
• Vulnerability: vulnId, description
• License: name, licenseId

A list of results (separated by category) will be displayed and clicking on a result will take you to the individual project, component, vulnerability, or license.

This is a placeholder/reminder to create a remote importer for ThreadFix so that it can pull in vulnerability information from Dependency-Track via it's APIs.

When viewing vulnerabilities, provide an option for a user to create an issue in ThreadFix. This feature will require a system-wide configuration option in which an admin can specify the URL and API KEY to use when connecting to ThreadFix.

Hi,

dev-03 branch uses older version of dependency-check plugin. While using dependency-track it will be good to set maven local repository to get the benefit of dependency-check remote nexus analyzer.
company : groupId
artifact: artifactId
version: version

This way Sha1 will be gathered from file system.

Kind Regards
Pamir

Implement a generic rule engine that would perform an action when a condition is met.

A few sample rules:

• If a dependency is added that has a specific license, send an email notification to one or more recipients.
• If a dependency is added for a specific library or version, deny the addition of the dependency and send an email notification.
• If a dependency is added that contains a known vulnerability (as identified by Dependency-Check) display an alert in the browser and send an email notification.

Rules and actions should be configurable by users with the 'Admin' role or with this specific permission. Display and email actions should be included.

I'm trying to get Dependency Track running, but I don't know how to properly setup a user with admin rights. I used the signup link on the login page, but the created user apparently isn't allowed to create applications, etc.

Could you please provide some instructions regarding a working setup?

P.S.: I'm using the latest snapshot version, i.e. HEAD.

Like the ability to update password, etc

Where I work we maintain both applications and libraries with which we wish to maintain info on CVE's. At the moment DT has two hard and fast categories of things: libraries and applications. I'd like to see these two concepts harmonised into a tree of artifacts (not unlike maven's model of the world). That way I can get reports on vulerabilities on libraries, applications or even subsystems comprising several applications.
What are currently classed as 'Applications' in DT would simply become "artifacts of interest" which could then be reported upon. What constitutes an artifact of interest could either be flagged or rule-based. ie I'm interested in reported on any com.mycompany artifact.
This would allow more complicated suites or hardware/software combinations to be more intuitively managed

Hello,

Tried to run dtrack last week and now, today, but still can't get it to work. Am I doing something wrong, need to specify some configuration, etc? I've compiled dtrack from latest sources, and tried both with winstone and jetty. But it always ends with NPE thrown on first request, i.e, accessing http://localhost:8080/. It redirects to /login and returns this error:

HTTP ERROR 500

Problem accessing /login. Reason:

    Server Error
Caused by:

org.apache.jasper.JasperException: java.lang.NullPointerException
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:440)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:473)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:377)
    at org.eclipse.jetty.jsp.JettyJspServlet.service(JettyJspServlet.java:103)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:800)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:595)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:191)
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:72)
    at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
    at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:264)
    at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1201)
    at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:986)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:933)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:844)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:800)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
    at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:497)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:245)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
    at org.apache.jsp.WEB_002dINF.views.loginPage_jsp._jspx_meth_c_if_0(loginPage_jsp.java:379)
    at org.apache.jsp.WEB_002dINF.views.loginPage_jsp._jspService(loginPage_jsp.java:134)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:411)
    ... 68 more
Caused by:

java.lang.NullPointerException
    at org.apache.jsp.WEB_002dINF.views.loginPage_jsp._jspx_meth_c_if_0(loginPage_jsp.java:379)
    at org.apache.jsp.WEB_002dINF.views.loginPage_jsp._jspService(loginPage_jsp.java:134)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:411)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:473)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:377)
    at org.eclipse.jetty.jsp.JettyJspServlet.service(JettyJspServlet.java:103)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:800)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:595)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:191)
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:72)
    at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
    at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:264)
    at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1201)
    at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:986)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:933)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:844)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:800)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
    at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:497)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:245)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)

I recognize that 3.0 is a dev branch, so you may be aware of this failure already, but I just cloned the repo, ran mvn package, then deployed the WAR to a Tomcat server. Here are the resulting stacktraces I received:

01-Feb-2017 23:03:32.187 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.listenerStart Exception sending context initialized event to listener instance of class org.owasp.dependencytrack.persistence.LocalPersistenceManagerFactory
 javax.jdo.JDOFatalUserException: A property named javax.jdo.PersistenceManagerFactoryClass must be specified, or a jar file with a META-INF/services/javax.jdo.PersistenceManagerFactory entry must be in the classpath, or a property named javax.jdo.option.PersistenceUnitName must be specified.
	at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:866)
	at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:1104)
	at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:924)
	at org.owasp.dependencytrack.persistence.LocalPersistenceManagerFactory.contextInitialized(LocalPersistenceManagerFactory.java:52)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4720)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5154)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:917)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1701)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
NestedThrowablesStackTrace:
javax.jdo.JDOFatalDataStoreException: Connection is broken: "java.net.ConnectException: Connection refused (Connection refused): localhost" [90067-176]
	at org.datanucleus.api.jdo.NucleusJDOHelper.getJDOExceptionForNucleusException(NucleusJDOHelper.java:529)
	at org.datanucleus.api.jdo.JDOPersistenceManagerFactory.freezeConfiguration(JDOPersistenceManagerFactory.java:855)
	at org.datanucleus.api.jdo.JDOPersistenceManagerFactory.createPersistenceManagerFactory(JDOPersistenceManagerFactory.java:333)
	at org.datanucleus.api.jdo.JDOPersistenceManagerFactory.getPersistenceManagerFactory(JDOPersistenceManagerFactory.java:212)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at javax.jdo.JDOHelper$16.run(JDOHelper.java:1970)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.jdo.JDOHelper.invoke(JDOHelper.java:1965)
	at javax.jdo.JDOHelper.invokeGetPersistenceManagerFactoryOnImplementation(JDOHelper.java:1171)
	at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:849)
	at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:1104)
	at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:924)
	at org.owasp.dependencytrack.persistence.LocalPersistenceManagerFactory.contextInitialized(LocalPersistenceManagerFactory.java:52)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4720)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5154)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:917)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1701)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
NestedThrowablesStackTrace:
org.h2.jdbc.JdbcSQLException: Connection is broken: "java.net.ConnectException: Connection refused (Connection refused): localhost" [90067-176]
	at org.h2.message.DbException.getJdbcSQLException(DbException.java:344)
	at org.h2.message.DbException.get(DbException.java:167)
	at org.h2.engine.SessionRemote.connectServer(SessionRemote.java:434)
	at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:311)
	at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:107)
	at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:91)
	at org.h2.Driver.connect(Driver.java:74)
	at java.sql.DriverManager.getConnection(DriverManager.java:664)
	at java.sql.DriverManager.getConnection(DriverManager.java:208)
	at org.apache.commons.dbcp.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:78)
	at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582)
	at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1148)
	at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:106)
	at org.datanucleus.store.rdbms.ConnectionFactoryImpl$ManagedConnectionImpl.getConnection(ConnectionFactoryImpl.java:483)
	at org.datanucleus.store.rdbms.RDBMSStoreManager.<init>(RDBMSStoreManager.java:297)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.datanucleus.plugin.NonManagedPluginRegistry.createExecutableExtension(NonManagedPluginRegistry.java:606)
	at org.datanucleus.plugin.PluginManager.createExecutableExtension(PluginManager.java:301)
	at org.datanucleus.NucleusContextHelper.createStoreManagerForProperties(NucleusContextHelper.java:190)
	at org.datanucleus.PersistenceNucleusContextImpl.initialise(PersistenceNucleusContextImpl.java:422)
	at org.datanucleus.api.jdo.JDOPersistenceManagerFactory.freezeConfiguration(JDOPersistenceManagerFactory.java:842)
	at org.datanucleus.api.jdo.JDOPersistenceManagerFactory.createPersistenceManagerFactory(JDOPersistenceManagerFactory.java:333)
	at org.datanucleus.api.jdo.JDOPersistenceManagerFactory.getPersistenceManagerFactory(JDOPersistenceManagerFactory.java:212)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at javax.jdo.JDOHelper$16.run(JDOHelper.java:1970)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.jdo.JDOHelper.invoke(JDOHelper.java:1965)
	at javax.jdo.JDOHelper.invokeGetPersistenceManagerFactoryOnImplementation(JDOHelper.java:1171)
	at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:849)
	at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:1104)
	at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:924)
	at org.owasp.dependencytrack.persistence.LocalPersistenceManagerFactory.contextInitialized(LocalPersistenceManagerFactory.java:52)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4720)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5154)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:917)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1701)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:589)
	at org.h2.util.NetUtils.createSocket(NetUtils.java:123)
	at org.h2.util.NetUtils.createSocket(NetUtils.java:103)
	at org.h2.engine.SessionRemote.initTransfer(SessionRemote.java:100)
	at org.h2.engine.SessionRemote.connectServer(SessionRemote.java:430)
	... 48 more

01-Feb-2017 23:03:32.196 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.listenerStop Exception sending context destroyed event to listener instance of class org.owasp.dependencytrack.persistence.LocalPersistenceManagerFactory
 java.lang.NullPointerException
	at org.owasp.dependencytrack.persistence.LocalPersistenceManagerFactory.contextDestroyed(LocalPersistenceManagerFactory.java:56)
	at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4767)
	at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5371)
	at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:160)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:917)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1701)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)

Normally I might troubleshoot a bit, but since it is a dev branch, I did not want to spend too much time debugging in case you were already aware of this.

Since the dependency check look for vulnerabilities in the NVD, I think it could be interesting to be able to add vulnerabilities through another mechanism.
I can figure out that adding another database to look for vulnerabilities there is not in the scope of this project, however, adding the possibility to add new vulnerabilities manually could be interesting.
What do you think about this idea, and which is, in your opinion, the best approach?

I would be interested in contributing to this new feature.

Auto-populate Dependency-Track database with library identification from Dependency-Check

in 3.0-dev branch

After enhancing with datanucleus tomcat gets the exception below

SEVERE: Error thrown executing ALTER TABLE LICENSE ADD COLUMN UUID VARCHAR(36) NOT NULL : NULL not allowed for column "UUID"; SQL statement:
ALTER TABLE LICENSE ADD COLUMN UUID VARCHAR(36) NOT NULL [23502-176]
org.h2.jdbc.JdbcSQLException: NULL not allowed for column "UUID"; SQL statement:
ALTER TABLE LICENSE ADD COLUMN UUID VARCHAR(36) NOT NULL [23502-176]
at org.h2.message.DbException.getJdbcSQLException(DbException.java:344)
at org.h2.message.DbException.get(DbException.java:178)
at org.h2.message.DbException.get(DbException.java:154)
at org.h2.table.Column.validateConvertUpdateSequence(Column.java:308)
at org.h2.table.Table.validateConvertUpdateSequence(Table.java:726)
at org.h2.command.dml.Insert.addRow(Insert.java:196)
at org.h2.command.dml.Select.queryFlat(Select.java:545)
at org.h2.command.dml.Select.queryWithoutCache(Select.java:646)
at org.h2.command.dml.Query.query(Query.java:323)
at org.h2.command.dml.Insert.insertRows(Insert.java:168)
at org.h2.command.dml.Insert.update(Insert.java:115)
at org.h2.command.ddl.CreateTable.update(CreateTable.java:184)
at org.h2.command.ddl.AlterTableAlterColumn.execute(AlterTableAlterColumn.java:448)
at org.h2.command.ddl.AlterTableAlterColumn.cloneTableStructure(AlterTableAlterColumn.java:348)
at org.h2.command.ddl.AlterTableAlterColumn.copyData(AlterTableAlterColumn.java:226)
at org.h2.command.ddl.AlterTableAlterColumn.update(AlterTableAlterColumn.java:158)
at org.h2.command.CommandContainer.update(CommandContainer.java:79)
at org.h2.command.Command.executeUpdate(Command.java:254)
at org.h2.jdbc.JdbcStatement.executeInternal(JdbcStatement.java:186)
at org.h2.jdbc.JdbcStatement.execute(JdbcStatement.java:160)
at org.apache.commons.dbcp.DelegatingStatement.execute(DelegatingStatement.java:264)
at org.apache.commons.dbcp.DelegatingStatement.execute(DelegatingStatement.java:264)
at org.datanucleus.store.rdbms.table.AbstractTable.executeDdlStatement(AbstractTable.java:879)
at org.datanucleus.store.rdbms.table.AbstractTable.executeDdlStatementList(AbstractTable.java:830)
at org.datanucleus.store.rdbms.table.TableImpl.validateColumns(TableImpl.java:257)
at org.datanucleus.store.rdbms.RDBMSStoreManager$ClassAdder.performTablesValidation(RDBMSStoreManager.java:3398)
at org.datanucleus.store.rdbms.RDBMSStoreManager$ClassAdder.run(RDBMSStoreManager.java:2896)
at org.datanucleus.store.rdbms.AbstractSchemaTransaction.execute(AbstractSchemaTransaction.java:119)
at org.datanucleus.store.rdbms.RDBMSStoreManager.createSchemaForClasses(RDBMSStoreManager.java:3877)
at org.datanucleus.store.schema.SchemaTool.createSchemaForClasses(SchemaTool.java:499)
at org.datanucleus.PersistenceNucleusContextImpl.initialiseSchema(PersistenceNucleusContextImpl.java:953)
at org.datanucleus.PersistenceNucleusContextImpl.initialise(PersistenceNucleusContextImpl.java:481)
at org.datanucleus.api.jdo.JDOPersistenceManagerFactory.freezeConfiguration(JDOPersistenceManagerFactory.java:842)
at org.datanucleus.api.jdo.JDOPersistenceManagerFactory.createPersistenceManagerFactory(JDOPersistenceManagerFactory.java:333)
at org.datanucleus.api.jdo.JDOPersistenceManagerFactory.getPersistenceManagerFactory(JDOPersistenceManagerFactory.java:212)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)

Hi,

I have found a problem in the HTML and XML reporting.
Almost always (just once i could access) I get an 500 error after clicking on HTML or XML button (http://localhost:8080/dtrack/dependencyCheckReport/2.html).
I can't figure out why has just worked once.

I'm using a tomcat 8 for the deploy.

Thanks!

It would be a really useful feature to be able to import dependencies via an XML file. These could be XML files generated by OWASP Dependency Check as well as some other generic format. This would be helpful to automate the tracking of dependencies in one's system.

I'm using Dependency Track "for real", monitoring several products and hundreds of components.

Sometimes DTrack does not report a vulnerability I know is applicable. The reason is that the "affected version" information in NVD XML sources is incomplete. A frequent example is that only the version in which the vulnerability is found is reported, nothing being said about earlier versions. When the set of the affected versions is nontrivial (happens regularly with e.g. OpenSSL), it is seldom fully correct in the NVD XML.

I see this as a showstopper for many users: the purpose of DTrack is to not miss the vulnerabilities.

But obviously the report cannot be better than the source data it is based upon.

One idea might be to give an option to "report vulnerabilities for all versions" for a given component when the user selects a component version in the application. This way the user will get also non-applicable vulnerabilities, but will never miss the relevant ones (if only the product name is correct).

I do not know how such "feature request" fits in the present vision of DTrack. But otherwise I found that I'm reading the XML diff to be sure that I have not missed something critical, which kind of defeats the purpose of using DTrack.

In previous releases, the dashboard was a simple line chart displaying the total number of high, medium, and low vulnerabilities over time. An enhanced dashboard should display:

• Top (x) CVEs affecting projects
• Top (x) CWEs affecting projects
• Best performing projects by IRS
• Least performing projects by IRS
• Most at risk components
• IRS per project over time
• H/M/L per project over time

The initial version of the dashboard will not be configurable, rather a means to collect, retrieve, organize, and present the data in meaningful ways.

System needs to have three roles for the next release: VIEWER, EDITOR, ADMIN.

I've downloaded Dependency Tracker via:

git clone https://github.com/stevespringett/dependency-track.git

After that I've started the application with:

mvn spring-boot:run

Build seems to be successful. I have not modified anything. But after I've logged in as admin:admin I always get this exception:

java.lang.IllegalArgumentException: Could not resolve placeholder 'pom.version' in string value "${pom.version}"

Also the webserver gives me an 500 error message and the execution of the application is canceled.

Full Stacktrace:

16:22:00.642 [http-nio-8080-exec-2] INFO o.o.d.c.LoginController - Login successful: admin
2016-04-07 16:22:01.479 ERROR 3112 --- [nio-8080-exec-3] o.a.c.c.C.[.[localhost].[/dtrack].[jsp] : Servlet.service() for servlet jsp threw exception

java.lang.IllegalArgumentException: Could not resolve placeholder 'pom.version' in string value "${pom.version}"
at org.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:174) ~[spring-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.util.PropertyPlaceholderHelper.replacePlaceholders(PropertyPlaceholderHelper.java:126) ~[spring-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.core.env.AbstractPropertyResolver.doResolvePlaceholders(AbstractPropertyResolver.java:204) ~[spring-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.core.env.AbstractPropertyResolver.resolveRequiredPlaceholders(AbstractPropertyResolver.java:178) ~[spring-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.core.env.AbstractPropertyResolver.resolveNestedPlaceholders(AbstractPropertyResolver.java:195) ~[spring-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:87) ~[spring-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:60) ~[spring-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:531) ~[spring-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_66-internal]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_66-internal]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_66-internal]
at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_66-internal]
at org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:113) ~[spring-expression-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:129) ~[spring-expression-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.expression.spel.ast.MethodReference.access$000(MethodReference.java:49) ~[spring-expression-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:342) ~[spring-expression-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:88) ~[spring-expression-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:120) ~[spring-expression-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:242) ~[spring-expression-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.servlet.tags.EvalTag.doEndTag(EvalTag.java:116) ~[spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.jsp.WEB_002dINF.views.templates.footer_jsp._jspx_meth_spring_005feval_005f1(footer_jsp.java:214) ~[na:na]
at org.apache.jsp.WEB_002dINF.views.templates.footer_jsp._jspService(footer_jsp.java:138) ~[na:na]
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:720) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:584) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:523) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:935) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at org.apache.jsp.WEB_002dINF.views.templates.page_jsp._jspService(page_jsp.java:303) [dtrack/:na]
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:720) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:584) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:523) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:935) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at org.apache.jsp.WEB_002dINF.views.dashboardPage_jsp._jspService(dashboardPage_jsp.java:137) [dtrack/:na]
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340) [tomcat-embed-jasper-8.0.32.jar:8.0.32]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-embed-websocket-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:720) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:466) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:168) [spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:303) [spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1244) [spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1027) [spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:971) [spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) [spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) [spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) [spring-webmvc-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-embed-websocket-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration$ApplicationContextHeaderFilter.doFilterInternal(EndpointWebMvcAutoConfiguration.java:242) [spring-boot-actuator-1.3.0.RELEASE.jar:1.3.0.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) [spring-boot-actuator-1.3.0.RELEASE.jar:1.3.0.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103) [spring-boot-actuator-1.3.0.RELEASE.jar:1.3.0.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.32.jar:8.0.32]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_66-internal]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_66-internal]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.32.jar:8.0.32]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_66-internal]

...this does not let to enter components such as, for example, xerces-c++. As a workaround, it can be entered, and is showing, as xerces-c%2b%2b.

Now that SPDX has been implemented (#48) and hundreds of open source licenses are part of Dependency-Track, it should be possible to automatically resolve the licenses for some of the components.

DC reports may include the SPDX license ID, the name of the license, or the license URL as evidence. It will be possible to resolve the licenses in these cases.

It would also be possible to add a basic rule engine that could come with pre-configured rules (as well as user-definable ones) that if the rules are matched, a particular license would be resolved. Example: if evidence contains groupId and groupId = 'org.apache', then resolve the Apache 2.0 license. Or if filename equals commons-io-* then resolve Apache 2.0 license.