Closed hohwille closed 1 year ago
I just analyzed the logs of my dependency-track and found this one:
dependency-track-dtrack-frontend-1 | 2023/06/01 11:29:17 [error] 35#35: *162 client intended to send too large body: 1883794 bytes, client: 172.19.0.1, server: _, request: "PUT /api/v1/bom HTTP/1.1", host: "localhost:8080"
Are you in close contact with the makers of dependency-track? Is that a bug in dependency-track itself or are you just using the API in a wrong way in your maven plugin? Is there a way to tweak the configuration of the underlying HTTP server of dependency-track to increase the body size limit?
OK, documentation of dependency-track itself is rather poor. I found the problem. I was uploading the BOMs to the frontend but it has to be uploaded to the backend. Documentation is just giving me minimal information to get started and as a new user (due to Single-Origin-Policy) I do not expect that there are multiple URLs and ports involved and after browsing dependency-track in the web browser on 8080...
You already outlined this perfectly in your README:
IMPORTANT Dependency Track includes a front-end and an api-server component on different ports (defaulting to 8080 and 8081 respectively). You must ensure that you target the api server component (8081) and not the front-end component URL in the dependencyTrackBaseUrl property.
So I just close this issue as nothing seems to be wrong with this plugin then.
As a user of dependency-track-maven-plugin I would expect it to just work (with the current/latest version of dependency-track). However, according to my observation it does not: I already reported this problem in #237 but more as a side note so maybe it did not get enough attention. Now with the latest version of the plugin (1.5.0), I still get this error and would therefore consider the plugin as useless unless this issue is fixed.
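A log check for the symptom quoted in this thread, as an added example that is not part of the issue or the plugin's code: it scans container output for the "too large body" rejection and flags requests to `/api/` paths that were sent to the front-end port instead of the api-server. The function name and the second and third sample lines are constructed for illustration.

```python
import re

# Sample input: line 1 is the error quoted in the thread; lines 2 and 3 are
# constructed for contrast (a different error, and an oversized non-API request).
SAMPLE_LOG = """\
dependency-track-dtrack-frontend-1 | 2023/06/01 11:29:17 [error] 35#35: *162 client intended to send too large body: 1883794 bytes, client: 172.19.0.1, server: _, request: "PUT /api/v1/bom HTTP/1.1", host: "localhost:8080"
dependency-track-dtrack-frontend-1 | 2023/06/01 11:30:02 [error] 35#35: *170 open() "/app/missing.js" failed (2: No such file or directory), client: 172.19.0.1, server: _, request: "GET /missing.js HTTP/1.1", host: "localhost:8080"
dependency-track-dtrack-frontend-1 | 2023/06/01 11:31:40 [error] 35#35: *181 client intended to send too large body: 2500000 bytes, client: 172.19.0.1, server: _, request: "POST /feedback HTTP/1.1", host: "localhost:8080"
"""

# Matches the body-size rejection line in the format shown in the thread.
TOO_LARGE = re.compile(
    r'^(?P<container>\S+)\s+\|\s+'
    r'(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] .*?'
    r'client intended to send too large body: (?P<bytes>\d+) bytes, '
    r'client: (?P<client>[^,]+), server: [^,]+, '
    r'request: "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*", host: "(?P<host>[^"]+)"'
)


def find_rejected_bodies(log_text):
    """Return one dict per oversized-body rejection found in log_text.

    'api_call_to_frontend' is True when the rejected request targeted an
    /api/ path, i.e. an API client (such as a BOM upload) was pointed at the
    front-end URL and the request never reached the api-server.
    """
    findings = []
    for line in log_text.splitlines():
        m = TOO_LARGE.match(line)
        if not m:
            continue  # unrelated log line
        f = m.groupdict()
        f["bytes"] = int(f["bytes"])
        f["api_call_to_frontend"] = f["path"].startswith("/api/")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in find_rejected_bodies(SAMPLE_LOG):
        note = "API call sent to the front-end" if f["api_call_to_frontend"] else "oversized body"
        print(f'{f["ts"]} {f["method"]} {f["path"]} -> {f["host"]} '
              f'({f["bytes"]} bytes): {note}')
```
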