Ingest tool data from metadata.tools and make it available in CEL policies
#1058
Assignees
Labels
component/api-server
domain/vuln-policy
enhancement
New feature or request
p2
Non-critical bugs, and features that help organizations to identify and reduce risk
size/M
Medium effort
Comments
nscuro
added
enhancement
Merged
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Users may wish to access information about the tooling that generated a BOM in their policies. CycloneDX BOMs include this info in the
metadata.toolsnode. However, it is not currently ingested by Dependency-Track.As per vanilla DT 4.10.0,
metadata.supplierandmetadata.manufacturerare already ingested:These changes haven't been ported to Hyades yet (#983). We should do that before adding the tooling part, to ensure we're not deviating implementation-wise.
Warning
metadata.tools[]was deprecated in favor ofmetadata.tools.components[]andmetadata.tools.services[]in CycloneDX 1.5. We need to ensure that we can handle both, and our internal data model should likely reflect the new representation.The text was updated successfully, but these errors were encountered: