Open trigomanju opened 1 year ago
Hey @trigomanju, thanks for reporting!
Can you specify what exactly you mean by "operational risk"? Your screenshot highlights a table row with many vulnerabilities identified; what did you expect to see instead?
Might it be that an indicator is expected to be shown that 1.0.2h is not the latest version?
Hi Team,
An indicator is expected to show that 1.0.2h is not the latest version.
Regards, Manjunath
Hi Team,
Do we have the solution for this?
Regards Manju
@trigomanju DT is not able to identify every outdated component. It is only able to identify outdated components that have been published to public repositories such as Maven, NPM, Pypi, etc.
See https://docs.dependencytrack.org/analysis-types/outdated-components/
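The distinction the maintainer draws above (DT can only flag a component as outdated when a public repository publishes version metadata for it) is easy to see in code. The following is an added example, not Dependency-Track's own implementation: it walks a constructed CycloneDX-style SBOM, resolves each Package URL against a constructed stand-in for repository metadata, and reports three different outcomes: outdated, current, or "no repository metadata" (the OpenSSL case from this issue, where the component is a `pkg:generic` package with no registry to compare against). The SBOM fragment, the `REPOSITORY_LATEST` index, and the helper names `parse_purl`, `version_key` and `analyze` are all assumptions made for this illustration.

```python
"""Added example: why an 'outdated component' indicator needs repository metadata.

Constructed data only. The SBOM fragment and the 'public repository' index below
are made up for illustration; they are not Dependency-Track's code or data.
"""
import json
import re

# Constructed CycloneDX-style SBOM fragment (illustrative, not the reporter's file).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "jackson-databind", "version": "2.13.0",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0"},
        {"name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
        # An OS-level library with no package registry behind it.
        {"name": "openssl", "version": "1.0.2h", "purl": "pkg:generic/openssl@1.0.2h"},
        {"name": "zlib", "version": "1.2.11"},  # no purl at all
    ],
})

# Constructed stand-in for the "latest version" a public repository would return,
# keyed by (purl type, namespace, name). The 'generic' type has no such source.
REPOSITORY_LATEST = {
    ("maven", "com.fasterxml.jackson.core", "jackson-databind"): "2.15.2",
    ("npm", None, "lodash"): "4.17.21",
}

# Minimal Package URL parser: pkg:type/[namespace/]name@version (qualifiers ignored).
PURL_RE = re.compile(
    r"^pkg:(?P<type>[^/]+)/(?:(?P<ns>[^/@]+)/)?(?P<name>[^/@]+)@(?P<version>[^?#]+)"
)


def parse_purl(purl):
    """Return (type, namespace, name, version) or None if the purl is malformed."""
    m = PURL_RE.match(purl)
    if not m:
        return None
    return (m["type"], m["ns"], m["name"], m["version"])


def version_key(version):
    """Sort key that orders numeric runs numerically and letter runs alphabetically,
    so "2.15.2" > "2.13.0" and "1.0.2h" > "1.0.2g". Numeric runs sort before
    letter runs, which keeps the comparison free of mixed-type tuple compares."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def analyze(sbom_json, repository=REPOSITORY_LATEST):
    """Classify every component as OUTDATED, CURRENT, NO_REPOSITORY_METADATA or NO_PURL.

    Returns a list of (component name, status, latest known version or None).
    """
    report = []
    for comp in json.loads(sbom_json)["components"]:
        purl = comp.get("purl")
        parsed = parse_purl(purl) if purl else None
        if parsed is None:
            # Without a purl there is nothing to look up in any repository.
            report.append((comp["name"], "NO_PURL", None))
            continue
        ptype, ns, name, version = parsed
        latest = repository.get((ptype, ns, name))
        if latest is None:
            # This is the OpenSSL case: no registry publishes a "latest" for it,
            # so no outdated indicator can be derived, whatever the version says.
            report.append((comp["name"], "NO_REPOSITORY_METADATA", None))
        elif version_key(latest) > version_key(version):
            report.append((comp["name"], "OUTDATED", latest))
        else:
            report.append((comp["name"], "CURRENT", latest))
    return report


if __name__ == "__main__":
    for name, status, latest in analyze(SBOM_JSON):
        print(f"{name:18} {status:24} {latest or '-'}")
```

Running it shows `jackson-databind` flagged as outdated, `lodash` as current, and `openssl` landing in the "no repository metadata" bucket rather than being silently reported as up to date. That third state is the practical caveat for anyone relying on the outdated indicator: a component that cannot be resolved against a supported repository is not "current", it is simply unassessed, and OS-level libraries such as OpenSSL need a different control (OS package feeds or manual tracking) to cover that gap.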
Current Behavior
DT is not recognizing operational risks for certain components such as Openssl
Steps to Reproduce
1. By importing the SBOM into DT: 245c6435-8ebb-42b9-a7fb-4635673ee51d-withVulnerabilities.cdx.zip
Expected Behavior
Ideally it should show the operational risk for Openssl component by comparing the version
Dependency-Track Version
4.6.2
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
10.1
Browser
Google Chrome