-
**Describe the bug**
We are using DependencyCheck in our GitLab CI/CD pipeline and have been for quite some time. Suddenly, out of the blue, today we started getting failures in the job that runs DC.…
-
Apologies, as this is almost certainly the wrong place to be raising this but I didn't find anywhere more appropriate.
I'm currently using the lovely [DependencyCheck plugin](https://github.com/jer…
-
OSSIndex marks phantomjs-prebuilt@2.1.16 with a vulnerability but the npm advisory links to phantomjs-cheniu
https://ossindex.sonatype.org/component/pkg:npm/phantomjs-prebuilt@2.1.16
https://www.n…
-
https://ossindex.sonatype.org/vulnerability/CVE-2020-7731?component-type=golang&component-name=github.com%2Frussellhaering%2Fgosaml2
> This affects all versions of package github.com/russellhaering…
-
**Vulnerability URL**
**Description**
```text
pkg:npm/canvas@2.10.0 - 1 vulnerability found!
Vulnerability Title: 1 vulnerability found
ID: sonatype-2019-0142
Description: 1 non…
-
This looks like a good choice: https://github.com/OSSIndex/auditjs
-
We will (soon :crossed_fingers:) have [`jake`](https://github.com/sonatype-nexus-community/jake) [available from `conda-forge`](https://github.com/conda-forge/jake-feedstock), which, despite its serpe…
-
The dependency on Hangfire.Core should be elevated to version 1.7.3 and above. Versions of Hangfire.Core below that are vulnerable to cross-site scripting: https://ossindex.sonatype.org/vulnerability/s…
-
**Vulnerability URL**
```
https://ossindex.sonatype.org/vulnerability/sonatype-2014-0038?component-type=npm&component-name=shelljs&utm_source=proget&utm_medium=integration&utm_content=22.0.9.2
```
…
-
### Current Behavior
![image (1)](https://github.com/DependencyTrack/dependency-track/assets/92030419/d48f0977-a07e-4f2c-a861-1fab7ca220aa)
### Steps to Reproduce
1. Generate SBOM based on one a…