DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Basic Support for Classifiers (Type) Added in CycloneDX 1.5 & 1.6 #4361

Open msymons opened 6 days ago

msymons commented 6 days ago

Current Behavior

Dependency-Track tracks "Classifier" for both project and component. Classifier in Dependency-Track is based on the CycloneDX component "type".

In v4.12.1, DT supports the following:

[screenshot: the Classifier options offered by Dependency-Track v4.12.1]

These options are not up-to-date as they represent types that were available in CycloneDX 1.4

Thus, type values that were added in CycloneDX 1.5 and 1.6 are not supported. As of CycloneDX 1.6, there are several missing.

Proposed Behavior

Extend Classifier list to include Type values that were introduced in CycloneDX 1.5 and 1.6

This enhancement is "Basic" as making the new Type values useful would require adding support for (say) CBOM for cryptographic-asset

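To see which components in a BOM carry a type that the current Classifier list cannot represent, here is a small pre-upload check. This is an added example, not code from the issue or from Dependency-Track. It assumes (from the CycloneDX 1.4 schema) that the v4.12.1 Classifier list is exactly the eight 1.4 component types, and it lists the 1.5/1.6 additions from the CycloneDX spec; the BOM it scans is constructed inline for illustration.

```python
"""Report CycloneDX component types that Dependency-Track 4.12.1 has no Classifier for."""
import json

# CycloneDX 1.4 component types. Assumption: this is the set Dependency-Track
# 4.12.1 exposes as Classifiers (the issue says the list is the 1.4 one).
DT_4_12_1_CLASSIFIERS = {
    "application", "framework", "library", "container",
    "operating-system", "device", "firmware", "file",
}

# Component types introduced after 1.4, with the CycloneDX version that added them.
INTRODUCED_IN = {
    "platform": "1.5",
    "device-driver": "1.5",
    "machine-learning-model": "1.5",
    "data": "1.5",
    "cryptographic-asset": "1.6",
}


def iter_components(bom):
    """Yield every component object: metadata.component plus the (nested) components tree."""
    stack = []
    meta = bom.get("metadata", {}).get("component")
    if meta:
        stack.append(meta)
    stack.extend(bom.get("components", []))
    while stack:
        comp = stack.pop()
        yield comp
        # Components may nest further components (assemblies, bundles).
        stack.extend(comp.get("components", []))


def unsupported_classifiers(bom):
    """Return sorted (ref, type, spec_version) tuples for types outside the 1.4 Classifier set."""
    findings = []
    for comp in iter_components(bom):
        ctype = comp.get("type")
        if ctype in DT_4_12_1_CLASSIFIERS:
            continue
        ref = comp.get("bom-ref") or comp.get("name", "<unnamed>")
        findings.append((ref, ctype, INTRODUCED_IN.get(ctype, "unknown")))
    return sorted(findings)


# Constructed sample BOM (not a real project): mixes 1.4 types with 1.5 and 1.6 ones.
SAMPLE_BOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.6",
  "metadata": {"component": {"bom-ref": "app", "type": "platform", "name": "shop"}},
  "components": [
    {"bom-ref": "lib-1", "type": "library", "name": "openssl", "version": "3.3.1",
     "components": [
       {"bom-ref": "alg-1", "type": "cryptographic-asset", "name": "AES-256-GCM"}
     ]},
    {"bom-ref": "model-1", "type": "machine-learning-model", "name": "fraud-scorer"},
    {"bom-ref": "ctr-1", "type": "container", "name": "nginx"}
  ]
}""")


if __name__ == "__main__":
    for ref, ctype, version in unsupported_classifiers(SAMPLE_BOM):
        print(f"{ref}: type '{ctype}' (CycloneDX {version}) has no Classifier in DT 4.12.1")
```

Point `unsupported_classifiers` at a parsed BOM before uploading it to a 4.12.1 instance; anything it lists is a component whose type the Classifier drop-down cannot represent, which is the gap this issue asks to close. The walk covers `metadata.component` and nested components, since those are the places a platform or cryptographic-asset entry is likely to appear.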

ybelMekk commented 6 days ago

This answers my question: https://github.com/DependencyTrack/dependency-track/issues/4352.

But I can find the doc about the new behaviour...

Thanks 😄