DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

webhook does not work correctly when policy violation status changes #1319

Open nibiwodong opened 2 years ago

nibiwodong commented 2 years ago


Current Behavior:

  1. Configure an outbound webhook (project audit change).

  2. When I change a policy violation's status, e.g. APPROVED or REJECTED, I get an HTTP request like:

```json
{
  "notification": {
    "level": "INFORMATIONAL",
    "scope": "PORTFOLIO",
    "group": "PROJECT_AUDIT_CHANGE",
    "timestamp": "2022-01-05T08:19:18.892300",
    "title": "Violation Analysis Decision: Approved",
    "content": "An violation analysis decision was made to a policy violation affecting a project",
    "subject":
  }
}
```

There is no subject info. Vulnerability status change works correctly.

Steps to Reproduce:

Expected Behavior:

Environment:

Additional Details:


BlythMeister commented 1 year ago

I've replicated this on 4.6.1, whereby policy status updates are missing the subject.