Comments (1)
I am not entirely convinced that this would be a good feature and therefore tend not to implement this feature request.
Merging results from different projects leads to a number of other problems, mainly caused by duplicate findings. Duplicates lead to new Github issues. Findings can only be distinguished by the UUID of the project. Some calls of the plugin might have been made with the project UUID. To make the project readable on the overview page, the project name and version would have to be displayed, which would require additional searches. The same applies to the link to the DT project in the sidebar.
Another reason why I am not convinced about this feature is the following. The result of the build job gives you a snapshot of what DT found at that point in time. At the same time, you get an ongoing analysis of the project in DT for the future.
If you want the combined result of multiple BOMs in Jenkins, please merge them using the various tools for that.
You wrote that you tried that but had problems with the plugin. I am curious what those were. The plugin is not interested in the content of the BOM.
p.s.
If your frontend and backend are deployed as one application and have the same version and lifecycle, they should also be tracked as one application in DT. However, if they have different lifecycles and can be deployed separately, they should be tracked as separate projects in DT.
from dependency-track-plugin.
Related Issues (20)
- support classifier assignment from pipeline HOT 1
- Produce a report of the dependency track findings HOT 4
- Get Artifact from outside the workspace HOT 3
- Error was: Input length = 1 HOT 2
- Support threshold for "unnassigned" vulnerabilities HOT 1
- Add the possibility to assign (newly created) projects to a team HOT 2
- Add Support for Identification of Aliases HOT 8
- Dtrack-API with contextpath not accessible
- Implement Support for SBOM Quality Score Tool (sbomqs) HOT 2
- Using the dependency-track-plugin behind an (authenticating) proxy HOT 1
- Allow overrideGlobals to override Global timeout and interval settings.
- Explanation of upload error "Error was: Input length = 1 HOT 1
- I don't want to show Dependency-Track Project on Jenkins HOT 1
- HTTP 403 Forbidden, but curl works fine HOT 1
- Upload with Parent uuid does not work with 4.10.0 HOT 2
- Request Tier 2 Plugin for Dependency Track CloudBees HOT 1
- how to build the project HOT 1
- Update to Vue.js 3
- Fails if Dependencey Track API server returns Not Modified HOT 3
- sbom upload fails with "Input length = 1" after Jenkins upgrade HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependency-track-plugin.