Current Behavior
Dependency-Track currently issues no warning when a third-party component is missing machine-readable identifiers such as a CPE or a Package URL (purl). Because its vulnerability analyzers match components by these identifiers, a component that has neither can never be associated with a known vulnerability, so the project's findings silently understate its actual risk.
Proposed Behavior
Dependency-Track should show a visual hint or warning on any component that has neither a CPE nor a purl. The feature could be configurable so that users can enable or disable the warning as needed. The warning would let users quickly spot components that cannot be fully analyzed for security vulnerabilities.
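Until such a warning exists in the UI, the same check can be run outside Dependency-Track: either on the CycloneDX BOM before it is uploaded, or on the component list the REST API returns for a project. The script below is an added example for this issue, not code from the Dependency-Track project. The embedded BOM is constructed for illustration; `fetch_project_components` assumes the `GET /api/v1/component/project/{uuid}` endpoint with an `X-Api-Key` header and `pageNumber`/`pageSize` paging, and is not exercised offline.

```python
"""Flag components that carry neither a CPE nor a purl.

Added example for the feature request above; not part of Dependency-Track.
Works on a CycloneDX JSON BOM (nested components included) and on the
component objects returned by Dependency-Track's REST API, which use the
same "cpe" / "purl" / "name" / "version" field names.
"""
import json
import urllib.request
from typing import Any, Dict, Iterable, Iterator, List, Tuple

# Constructed CycloneDX 1.4 fragment for illustration only (not a real SBOM).
SAMPLE_BOM: Dict[str, Any] = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "jackson-databind", "version": "2.13.4",
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"},
    {"type": "library", "name": "openssl", "version": "1.1.1q",
     "cpe": "cpe:2.3:a:openssl:openssl:1.1.1q:*:*:*:*:*:*:*",
     "components": [
       {"type": "library", "name": "libcrypto", "version": "1.1.1q"}
     ]},
    {"type": "library", "name": "vendor-sdk", "version": "3.2.0"},
    {"type": "library", "name": "legacy-lib", "version": "0.9", "purl": "   "}
  ]
}
""")


def has_identifier(component: Dict[str, Any]) -> bool:
    """True if the component carries a non-blank cpe or purl.

    A whitespace-only value is treated as missing: it would never match an
    analyzer, so it gives the same false sense of coverage as no value at all.
    """
    return any((component.get(key) or "").strip() for key in ("cpe", "purl"))


def iter_components(components: Iterable[Dict[str, Any]]) -> Iterator[Dict[str, Any]]:
    """Depth-first walk over components, descending into nested "components"."""
    for component in components:
        yield component
        yield from iter_components(component.get("components", []))


def unidentified_components(components: Iterable[Dict[str, Any]]) -> List[Tuple[str, str]]:
    """Return (name, version) for every component lacking both identifiers."""
    return [
        (c.get("name", "<unnamed>"), c.get("version", ""))
        for c in components
        if not has_identifier(c)
    ]


def check_bom(bom: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Check a parsed CycloneDX JSON BOM, including nested components."""
    return unidentified_components(iter_components(bom.get("components", [])))


def fetch_project_components(base_url: str, api_key: str, project_uuid: str,
                             page_size: int = 100) -> List[Dict[str, Any]]:
    """Fetch all components of a project from the Dependency-Track REST API.

    Assumption: GET /api/v1/component/project/{uuid} with an X-Api-Key
    header, paged via pageNumber/pageSize, returning a JSON array.
    Not executed in the offline example; only the parsing is tested.
    """
    components: List[Dict[str, Any]] = []
    page = 1
    while True:
        url = (f"{base_url.rstrip('/')}/api/v1/component/project/{project_uuid}"
               f"?pageNumber={page}&pageSize={page_size}")
        request = urllib.request.Request(url, headers={"X-Api-Key": api_key})
        with urllib.request.urlopen(request) as response:
            batch = json.load(response)
        components.extend(batch)
        if len(batch) < page_size:
            return components
        page += 1


if __name__ == "__main__":
    for name, version in check_bom(SAMPLE_BOM):
        print(f"WARNING: {name} {version} has no CPE or purl; "
              "no vulnerability analyzer can match it")
```

Run against a real BOM with `check_bom(json.load(open("bom.json")))`, or against a live instance with `unidentified_components(fetch_project_components(url, key, uuid))`; a non-empty result is the list of components the proposed UI hint would mark.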
Checklist