Policy Violations do not show up in cloned projects #2875
Note to self: Policy violations are currently not considered in the project cloning logic. Same goes for the violation analysis trail: dependency-track/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java, lines 657 to 687 in d4f1e8e

@rkg-mm Looks like that to me too, yes. I'll close the others as duplicates so we can track it here.

This was implemented with #3248.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Current Behavior
Cloning a project which has license policy violations does not clone the license policy violations. In fact, policy violations is completely empty.
May be related to #2640
Steps to Reproduce
test-2.sbom.zip
It shows the following license policy violation:
And it returns the following metrics calling
/api/v1/metrics/project/<prj uuid>/current:
The new project version 0.0.2 does not show any license policy violation:
Furthermore, it also does not show the "Last BOM Import" nor the "Last Measurement" timestamp:
And the returned metrics calling
/api/v1/metrics/project/<prj uuid>/current
does return HTTP status code 200 but no response body.
Calling /api/v1/metrics/project/<prj uuid>/refresh
does set a new "Last Measurement" timestamp, and calling metrics/.../current
now returns a response body, but it does not contain the correct policy violation numbers, and the UI still shows no license policy violations.
Expected Behavior
After cloning a project, I would expect to see the same policy violations as within the original project.
I would also expect to see the audit trail in case a license policy violation had been ACCEPTED / REJECTED in the original project.
Dependency-Track Version
4.8.2
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
14.7 (AWS RDS PostgreSQL instance)
Browser
N/A
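A small post-clone check, added here as an example and not part of the issue or of the Dependency-Track code base, that compares the `/api/v1/metrics/project/<uuid>/current` bodies of the source and cloned projects and reports the two symptoms described above (an empty 200 body, and policy-violation counts that do not match). The metric field names are assumed from Dependency-Track's ProjectMetrics JSON, and the sample payloads are constructed.

```python
import json
from typing import List, Optional

# Policy metrics a clone is expected to carry over from its source project.
# Field names assumed from Dependency-Track's ProjectMetrics JSON (assumption).
POLICY_FIELDS = (
    "policyViolationsFail",
    "policyViolationsWarn",
    "policyViolationsInfo",
    "policyViolationsTotal",
    "policyViolationsLicenseTotal",
)
# Timestamp that should be present once a measurement has been taken.
TIMESTAMP_FIELDS = ("lastOccurrence",)


def parse_metrics(body: str) -> Optional[dict]:
    """Parse a /current response body; None means 'empty body', which the
    endpoint may return with HTTP 200 when no measurement exists yet."""
    if body is None or not body.strip():
        return None
    return json.loads(body)


def compare_clone_metrics(source_body: str, clone_body: str) -> List[str]:
    """Return human-readable discrepancies between source and clone metrics."""
    source = parse_metrics(source_body)
    clone = parse_metrics(clone_body)
    if source is None:
        return ["source project has no metrics; refresh it before comparing"]
    if clone is None:
        return ["clone returned an empty metrics body (no measurement yet)"]
    problems = []
    for field in POLICY_FIELDS:
        src, cln = source.get(field, 0), clone.get(field, 0)
        if src != cln:
            problems.append(f"{field}: source={src} clone={cln}")
    for field in TIMESTAMP_FIELDS:
        if not clone.get(field):
            problems.append(f"{field}: missing on clone")
    return problems


# Constructed sample payloads mirroring the report: the clone first returns an
# empty body, then (after /refresh) a body with zeroed policy violation counts.
SOURCE_METRICS = json.dumps({"policyViolationsFail": 1, "policyViolationsTotal": 1,
                             "policyViolationsLicenseTotal": 1, "lastOccurrence": 1690000000000})
CLONE_EMPTY = ""
CLONE_AFTER_REFRESH = json.dumps({"policyViolationsFail": 0, "policyViolationsTotal": 0,
                                  "policyViolationsLicenseTotal": 0, "lastOccurrence": 1690000100000})
```

Feed the function the raw response bodies fetched for the source and the clone; an empty list means the clone's policy metrics match.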