-
**Describe the bug**
I have a library A that uses the `java-tracker` as a dependency. It's a _pure_ Java project because it needs to be shared with other pure Java projects. That is to say it uses th…
-
`libvaxis` can't build on the Zig master branch, due to dependency on `libxev`, tracked on [#108](https://github.com/mitchellh/libxev/issues/108) on that repo. The Zig master issue causing this is tr…
-
It would be nice if there was a feature on JSR to bookmark modules then we had a page where we could see all our bookmarked modules and a list of new versions of them being released recently.
If you…
-
### Current Behavior
In my SBOM documents I have "components[] / externalReferences[]" as lists of objects like `{ "type": "vcs", "url": "scm:git:git@server:group/repo.git" }` where the URL-ish part …
-
### Current Behavior
Hi, we currently run Dependency Track with 1200 projects, with around 160k components and we notice a certain build up of memory usage during the day: It usally starts with aro…
-
Hello @kubeflow/wg-data-leads @tarilabs @ChenYi015
The [1.10 release](https://github.com/kubeflow/community/blob/master/releases/release-1.10/release-team.md) team will use this tracking issue to coo…
-
===> Registering installation for buildbot-0.8.6p1
===> Building package for buildbot-0.8.6p1
===> Cleaning for py27-sqlalchemy-0.7.7
===> Cleaning for py27-migrate-0.7.2
===> Cleaning for py2…
-
We are looking into how to best track vulnerabilities for dependencies of our application (build on .NET 6) and the shared frameworks.
I am aware that https://github.com/dotnet/core/blob/main/relea…
-
### Current Behavior
Hello,
Since a while now we noticed that some CVEs are properly returned within the SBOM vulnerability report created by ODT, and then the next day on the exact same project (wi…
-
Issue type: Development discussion
### Problem or question to be solved
Currently, all dependencies that are not Unity packages are downloaded using a shell script. The developer has to remember…