DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

ProjectMetric doesn't contain project field, required according to Swagger #3884

Open cheonsaxelle opened 6 days ago

cheonsaxelle commented 6 days ago

Current Behavior

After calling /api/v1/metrics/project/xxxxx/current, the returned ProjectMetric doesn't contain a project field. Swagger says the project field is required in a ProjectMetric structure. With this request: curl -H "X-Api-Key: xxxxx" -s http://xxxx/api/v1/metrics/project/079df992-19fd-46b1-9056-b79b46c7b10f/current | jq, I get the following answer:

{
  "critical": 17,
  "high": 34,
  "medium": 28,
  "low": 0,
  "unassigned": 21,
  "vulnerabilities": 100,
  "vulnerableComponents": 74,
  "components": 2873,
  "suppressed": 0,
  "findingsTotal": 100,
  "findingsAudited": 0,
  "findingsUnaudited": 100,
  "inheritedRiskScore": 529,
  "policyViolationsFail": 0,
  "policyViolationsWarn": 0,
  "policyViolationsInfo": 0,
  "policyViolationsTotal": 0,
  "policyViolationsAudited": 0,
  "policyViolationsUnaudited": 0,
  "policyViolationsSecurityTotal": 0,
  "policyViolationsSecurityAudited": 0,
  "policyViolationsSecurityUnaudited": 0,
  "policyViolationsLicenseTotal": 0,
  "policyViolationsLicenseAudited": 0,
  "policyViolationsLicenseUnaudited": 0,
  "policyViolationsOperationalTotal": 0,
  "policyViolationsOperationalAudited": 0,
  "policyViolationsOperationalUnaudited": 0,
  "firstOccurrence": 1718729952749,
  "lastOccurrence": 1719354103745
}

I did the same for my whole database and the project field is never there.

Maybe the Swagger is not updated? If it is updated, is it an issue with the API or does the problem come from my data?

Steps to Reproduce

For a unit test:

  1. curl -H "X-Api-Key: xxxxx" -s http://xxxx/api/v1/metrics/project/079df992-19fd-46b1-9056-b79b46c7b10f/current | jq

For a database test:

  1. Get all the projects from the database: curl -H "X-Api-Key: l8QGZayV5XyvGq2iaOHzHglbXPyXAcm3" -k -v https://dependency-track-apiserver.apps.openshift-indus.france.dev.lyra.cloud/api/v1/project > out.json

  2. Parse the result to extract the uuids: jq '.' out.json | grep -v "directDependencies" | grep -v "parent" | grep -v "children" | grep "uuid" | cut -d '"' -f 4 > uuid.txt

  3. For each uuid, call getProjectCurrentMetrics and extract the number of projects appearing in the result: while read line; do curl -H "X-Api-Key: xxxxx" -s http://xxxxx/api/v1/metrics/project/$line/current; done < uuid.txt | grep -c "project"

Expected Behavior

According to the Swagger, project is a required field in a ProjectMetric structure:

ProjectMetrics:
    type: object
    required:
      - critical
      - firstOccurrence
      - high
      - lastOccurrence
      - low
      - medium
      - project

So I should get at least:

{
  "project": {
    "uuid": "xxx"
  },
  "critical": 17,
  "high": 34,
  "medium": 28,
  "low": 0,
  "unassigned": 21,
  "vulnerabilities": 100,
  "vulnerableComponents": 74,
  "components": 2873,
  "suppressed": 0,
  "findingsTotal": 100,
  "findingsAudited": 0,
  "findingsUnaudited": 100,
  "inheritedRiskScore": 529,
  "policyViolationsFail": 0,
  "policyViolationsWarn": 0,
  "policyViolationsInfo": 0,
  "policyViolationsTotal": 0,
  "policyViolationsAudited": 0,
  "policyViolationsUnaudited": 0,
  "policyViolationsSecurityTotal": 0,
  "policyViolationsSecurityAudited": 0,
  "policyViolationsSecurityUnaudited": 0,
  "policyViolationsLicenseTotal": 0,
  "policyViolationsLicenseAudited": 0,
  "policyViolationsLicenseUnaudited": 0,
  "policyViolationsOperationalTotal": 0,
  "policyViolationsOperationalAudited": 0,
  "policyViolationsOperationalUnaudited": 0,
  "firstOccurrence": 1718729952749,
  "lastOccurrence": 1719354103745
}

Dependency-Track Version

4.11.3

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

14

Browser

N/A

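The database test in the steps above (list projects, fetch each project's current metrics, count how many carry a project field) can be done as a single check that compares every response against the Swagger "required" list. The script below is an added example for this issue, not Dependency-Track's own code: the SAMPLE_RESPONSES, the uuids in them, and the DT_BASE_URL / DT_API_KEY environment variable names are constructed for the example. The first sample mirrors the response quoted in the issue (no "project"); the second is what a client that trusts the Swagger doc would expect.

```python
"""Audit ProjectMetrics responses against the Swagger 'required' list.

Constructed example for this issue; not Dependency-Track's own code.
"""
import json
import os
import urllib.request

# The "required" properties of ProjectMetrics as listed in the Swagger document
# quoted in the issue. The issue shows the API omitting "project" despite this.
SWAGGER_REQUIRED = (
    "critical", "firstOccurrence", "high", "lastOccurrence",
    "low", "medium", "project",
)

# Constructed sample responses. The first mirrors the response quoted in the
# issue (zero-valued policy counters omitted for brevity); the second is what a
# client trusting the Swagger doc would expect. The second uuid is a placeholder.
SAMPLE_RESPONSES = {
    "079df992-19fd-46b1-9056-b79b46c7b10f": {
        "critical": 17, "high": 34, "medium": 28, "low": 0, "unassigned": 21,
        "vulnerabilities": 100, "vulnerableComponents": 74, "components": 2873,
        "findingsTotal": 100, "findingsAudited": 0, "findingsUnaudited": 100,
        "inheritedRiskScore": 529,
        "firstOccurrence": 1718729952749, "lastOccurrence": 1719354103745,
    },
    "00000000-0000-0000-0000-000000000001": {
        "project": {"uuid": "00000000-0000-0000-0000-000000000001"},
        "critical": 0, "high": 1, "medium": 2, "low": 3,
        "firstOccurrence": 1718729952749, "lastOccurrence": 1719354103745,
    },
}


def missing_required(metrics, required=SWAGGER_REQUIRED):
    """Return the required property names absent from one ProjectMetrics object."""
    return [name for name in required if name not in metrics]


def audit(responses, required=SWAGGER_REQUIRED):
    """Map each project uuid to the required properties its metrics lack."""
    return {uuid: missing_required(m, required) for uuid, m in responses.items()}


def summarize(report):
    """Count, per required property, how many responses lack it
    (the per-field version of the `grep -c "project"` in the issue)."""
    counts = {}
    for missing in report.values():
        for name in missing:
            counts[name] = counts.get(name, 0) + 1
    return counts


def fetch_json(base_url, api_key, path, opener=urllib.request.urlopen):
    """GET base_url + path with the X-Api-Key header and decode the JSON body."""
    req = urllib.request.Request(base_url + path, headers={"X-Api-Key": api_key})
    with opener(req) as resp:
        return json.load(resp)


def audit_live(base_url, api_key, opener=urllib.request.urlopen):
    """Run the audit against a real server: list projects, then fetch each one's
    current metrics. The opener parameter lets a test substitute a fake HTTP layer."""
    projects = fetch_json(base_url, api_key, "/api/v1/project", opener)
    responses = {
        p["uuid"]: fetch_json(
            base_url, api_key, "/api/v1/metrics/project/%s/current" % p["uuid"], opener
        )
        for p in projects
    }
    return audit(responses)


if __name__ == "__main__":
    # With DT_BASE_URL and DT_API_KEY set, audit a real server; otherwise audit the
    # constructed samples so the script runs offline.
    base = os.environ.get("DT_BASE_URL")
    key = os.environ.get("DT_API_KEY")
    report = audit_live(base, key) if base and key else audit(SAMPLE_RESPONSES)
    for uuid, missing in report.items():
        print(uuid, "missing:", missing or "none")
    print("per-field counts:", summarize(report))
```

Two practical notes. The API key is read from the environment rather than pasted into the command line, so it does not end up in shell history or in a pasted bug report. And Dependency-Track paginates list endpoints through pageNumber and pageSize query parameters, so both the curl in step 1 and audit_live above only see the first page of projects unless the caller iterates over pages.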

nscuro commented 6 days ago

Maybe the Swagger is not updated? If it is updated, is it an issue with the API or does the problem come from my data?

The Swagger doc is generated from code, and unfortunately the REST API re-uses the same model classes for multiple endpoints. That of course makes it hard to signal when properties should or should not be there.