BOM_PROCESSED & BOM_CONSUMED Alerts Not Sent When BOM Processing V2 Enabled

[msymons]

Current Behavior

Alerts that are configured for BOM_PROCESSED & BOM_CONSUMED are incredibly useful for automating synchronisation of BOMs between two Dependency-Track Instances (using alerts of type Webhook in this case).

Thanks to logging introduced in v4.10 once can see proof in the logs when the alerts are failing and also (if desired) when they are working fine.

Such alerts stop working when BOM Processing V2 is enabled. There is no logging at all.

Testing shows that it is not just Webhook alerts that fail... emails also do not get sent.

Steps to Reproduce

• Create an email alert with scope Portfolio and specifying BOM_PROCESSED (or BOM_CONSUMED)
• Limit the alert to project X and select " Log successful publish"
• Ensure that BOM Processing V2 is NOT enabled
• Upload a BOM to project X and check that the alert has fired successfully (ie, it is logged and you receive the email)
• Now enable BOM Processing V2
• Upload a BOM to project X and check that the alert has not been logged this time.

Expected Behavior

Alerts for BOM_PROCESSED & BOM_CONSUMED should work when BOM Processing V2 is enabled.

Dependency-Track Version

4.11.4

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

14.x

Browser

Google Chrome

Checklist

• [X] I have read and understand the contributing guidelines
• [X] I have checked the existing issues for whether this defect was already reported

[nscuro]

Fixed via #3877. The notifications are dispatched, but using the wrong scope (SYSTEM instead of PORTFOLIO). This causes the configured alert rules to be bypassed.