Since Dependency Track use NVD Rest API (with the APIKEY provided by the deployer) the product Dependency Track should have to respect the Terms of Use of the NVD API and display somewhere the required notice
This product uses the NVD API but is not endorsed or certified by the NVD.
Browse the available documentation on the website: no notice
google search prompt : site:https://docs.dependencytrack.org/ "This product uses the NVD API but is not"
No notice on the about dialog in v 4.10.0 the NVD appears in the DATASOURCE PROVIDERS but without the notice.
sebD
commented
7 months ago
Current Behavior
This issue is a parent of dependency-track#3294
Since Dependency Track use NVD Rest API (with the APIKEY provided by the deployer) the product Dependency Track should have to respect the Terms of Use of the NVD API and display somewhere the required notice
This product uses the NVD API but is not endorsed or certified by the NVD.
OWASP Dependency Check had the same issue : DependencyCheck#6105
Steps to Reproduce
Browse the available documentation on the website: no notice google search prompt : site:https://docs.dependencytrack.org/ "This product uses the NVD API but is not"
No notice on the about dialog in v 4.10.0 the NVD appears in the DATASOURCE PROVIDERS but without the notice.
Expected Behavior
The NVD terms of use should be respected.
Dependency-Track Frontend Version
4.7.x
Browser
Google Chrome
Browser Version
No response
Operating System
Windows
Checklist