Dependency Track doesn't support pedigree

[Souhila99]

Current Behavior

When we import an SBOM with pedigree ( we have Enterprise packages with Third-party software packages), we have this behavior:

• Dependency Track shows only the Enterprise packages, the Third-party software components are not detected by dependency track.
• Dependency Track doesn't detect the vulnerabilities for the enterprise packages.

Steps to Reproduce

• Build an SBOM with affected packages with pedigree and ancestors (Enterprise package that is built using third-party software packages).
• Create a new project and Import the SBOM to Dependency Track.
• Display the components list of the created project and check if it contains all the components that are in the SBOM (Enterprise component and third-party software components).
• Check if the vulnerabilities are detected.

Expected Behavior

• Dependency Track has to show both the Enterprise packages and the Third-party software packages.
• Dependency Track has to detect the vulnerabilities for these packages.

Dependency-Track Version

4.7.0

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

15.1

Browser

Mozilla Firefox

Checklist

• [X] I have read and understand the contributing guidelines
• [X] I have checked the existing issues for whether this defect was already reported

[stevespringett]

Duplicate of #919

[github-actions[bot]]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.