search

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.67k stars 571 forks source link

Email notification with team as recipient is not sent #4302

Open tomkuipers opened 4 days ago

tomkuipers commented 4 days ago

Current Behavior

Email notification with team as recipient is not sent.

Setup a email notification alert and set a team as recipient. Select group 'new_vulnerability' under portfolio and press button 'perform test'. No email is send.

dependency-track-api log entry:

2024-10-24 12:21:21,758 WARN [SendMailPublisher] No destination(s) provided; Skipping notification (PublishContext{notificationGroup=NEW_VULNERABILITY, notificationLevel=WARNING, notificationScope=PORTFOLIO, notificationTimestamp=2024-10-24T12:21:21.757898137Z, notificationSubjects={component=Component[uuid=94f87321-a5d1-4c2f-b2fe-95165debebc6, group=null, name=componentName, version=componentVersion], projects=[Project[uuid=c9c9539a-e381-4b36-ac52-6a7ab83b2c95, name=projectName, version=projectVersion]], vulnerability=Vulnerability[id=INT-001, source=INTERNAL]}}) [requestId=c4ba9542-885d-4a60-a5fd-cca446b1b426]

Steps to Reproduce

  1. Administration > Notifications > Alerts
  2. Select team with email as publisher
  3. Verify Publisher class is org.dependencytrack.notification.publisher.SendMailPublisher
  4. Verify that destination is empty
  5. Select team as recipient contains a team
  6. Under Portfolio check group 'NEW_VULNERABILITY'
  7. Click 'Perform test'
  8. Inspect dependency-check-api logs

Expected Behavior

An OIDC group contains members, this group is mapped to a team with same name. When I select the team as recipient in a email notification and perform a test, I expect all members of the OIDC group to receive an email.

Dependency-Track Version

4.12.0

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

Google Chrome

Checklist

2000rosser commented 3 days ago

Do you have the SMTP server configured in the email configuration section?

tomkuipers commented 6 hours ago

Do you have the SMTP server configured in the email configuration section?

Yes, I have and receive the test email. Also admin is receiving notifcations about occasional failures of bom parsing, so email notification is working.