DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.61k stars, 552 forks

Support CEL based Expression for Detecting Internal Components #3910

Open VinodAnandan opened 3 months ago

VinodAnandan commented 3 months ago

Current Behavior

Currently, Dependency-Track only supports detecting internal components using component name or group based regexes.

Proposed Behavior

Integrate CEL-based expression support into Dependency-Track to allow users to define and use expressions for detecting internal components within their projects. These expressions could also access other component properties like purl, cpe, swid, etc., as well as project properties and tags. To maintain backward compatibility, existing regex can be migrated into CEL-based expressions.

Checklist
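To make the proposed migration step concrete, here is an added Python example written for this discussion; it is not code from Dependency-Track. It models the current name/group regex check, renders the two regexes as a single CEL expression over a `component` variable, and shows why a regex has to be anchored when it is moved into CEL's `matches()`, which is an unanchored RE2-style search: an over-broad migrated rule would flag third-party components as internal, and internal components are exempt from lookups against external sources such as OSS Index. The `Component` type, the `component.group` / `component.name` variable names, and the assumption that the existing Java check uses full-match semantics are all mine.

```python
"""
Model of regex-based internal component detection and a migration of those
regexes into a CEL expression.  Example code for this discussion, not
Dependency-Track's own implementation; the matching semantics of the existing
Java check (assumed here to be String.matches, i.e. full match) are an assumption.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Component:
    name: str
    group: str = ""  # e.g. Maven groupId or npm scope; may be empty


def _anchor(regex: str, full_match: bool) -> str:
    """Wrap a regex so that an unanchored search behaves like a full match."""
    return f"^(?:{regex})$" if full_match else regex


def is_internal_regex(component: Component, group_regex: Optional[str],
                      name_regex: Optional[str], full_match: bool = True) -> bool:
    """Current behaviour as modelled here: internal when the group matches the
    group regex or the name matches the name regex.  full_match=True mirrors
    Java's String.matches; full_match=False mirrors Matcher.find (assumption)."""
    matcher = re.fullmatch if full_match else re.search
    if group_regex and component.group and matcher(group_regex, component.group):
        return True
    if name_regex and matcher(name_regex, component.name):
        return True
    return False


def cel_string(s: str) -> str:
    """Render s as a double-quoted CEL string literal.  Regexes are full of
    backslashes, which must be doubled so the CEL parser passes them through."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def regex_to_cel(group_regex: Optional[str], name_regex: Optional[str],
                 full_match: bool = True) -> str:
    """Translate the two regex settings into one CEL expression over the
    (hypothetical) `component` variable.  CEL's matches() is an unanchored
    search, so a regex that was applied with full-match semantics is anchored
    explicitly; otherwise the migrated rule matches more components than before."""
    clauses = []
    if group_regex:
        rx = cel_string(_anchor(group_regex, full_match))
        clauses.append(f'(component.group != "" && component.group.matches({rx}))')
    if name_regex:
        rx = cel_string(_anchor(name_regex, full_match))
        clauses.append(f"component.name.matches({rx})")
    return " || ".join(clauses) if clauses else "false"


def is_internal_migrated(component: Component, group_regex: Optional[str],
                         name_regex: Optional[str], full_match: bool = True) -> bool:
    """Evaluate the migrated rule the way a CEL runtime would: matches() is an
    unanchored search, so re.search is the faithful Python counterpart."""
    if group_regex and component.group and re.search(_anchor(group_regex, full_match), component.group):
        return True
    if name_regex and re.search(_anchor(name_regex, full_match), component.name):
        return True
    return False


if __name__ == "__main__":
    # Constructed sample data: an in-house component and a third-party
    # look-alike whose group merely contains the internal prefix.
    group_rx = r"com\.acme\..*"
    acme = Component(name="billing-core", group="com.acme.billing")
    lookalike = Component(name="com.acme.shim", group="org.example.com.acme.shim")
    print(regex_to_cel(group_rx, None))
    for c in (acme, lookalike):
        print(c.group, "regex:", is_internal_regex(c, group_rx, None),
              "cel anchored:", is_internal_migrated(c, group_rx, None, True),
              "cel unanchored:", is_internal_migrated(c, group_rx, None, False))
```

The unanchored variant is the one to watch during a migration: the look-alike component is external under the existing regex check, stays external when the regex is anchored inside `matches()`, but is classified as internal if the regex is copied into the CEL expression as-is.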

nscuro commented 3 months ago

as well as project properties and tags

Any use cases that come to mind for this? Can / should a component's "internal" status really depend on project-level information?

VinodAnandan commented 3 months ago

Any use cases that come to mind for this? Can / should a component's "internal" status really depend on project-level information?

I was considering improving the accuracy of the detection, especially in cases where there are known projects with forked components or projects that contain components that don't comply with the regex patterns.