DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

POST on /v1/component does not update external references #3769

Closed mboczkowski closed 1 month ago

mboczkowski commented 1 month ago

Current Behavior

When I update a component's data, I supply external references for the component, as specified in the API spec for the /v1/component endpoint. The update is processed and 200 OK is returned, but when I read the component again, I can see no external references.

Steps to Reproduce

  1. Get component's data (without an external reference)
  2. Add external reference(s) to the payload, i.e.: '[{"type": "website", "url": "https://some.host", "comment": "added with API"}]'
  3. Execute POST on /v1/component with the payload
  4. After successful execution, get the component's data again
  5. There is no external reference supplied in the component's data retrieved

Expected Behavior

To have the external references updated when supplied.

Dependency-Track Version

4.10.x

Dependency-Track Distribution

Container Image

Database Server

N/A

Database Server Version

No response

Browser

N/A

Checklist