Closed mattdunn-eh closed 4 months ago
Disabling via environment variable did not make it into the 4.11 release. Instead, there is a toggle in the admin panel. Refer to the changelog for v4.11:
Validation may be turned off in the administration panel under Configuration -> BOM Formats.
The upgrade notes also explicitly state:
Validation of uploaded BOMs and VEXs is enabled per default, but can be disabled in the administration panel under Configuration -> BOM Formats -> BOM Validation
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Current Behavior
https://github.com/DependencyTrack/dependency-track/pull/3522 refers to the ability to disable BOM validation by setting the environment variable BOM_VALIDATION_ENABLED=false, this has been set (what we think is correctly) but BOM validation is still applied (receiving BOM validation failure for BOM containing validation issues)
Steps to Reproduce
Expected Behavior
Post to /api/v1/bom succeeds when provided invalid BOM with BOM_VALIDATION_ENABLED=false
Dependency-Track Version
4.11.1
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome
Checklist