Ingest BOM generation timestamp and make it available in CEL policies #1059

Closed
nscuro opened this issue Feb 7, 2024 · 0 comments · Fixed by DependencyTrack/hyades-apiserver#643
Assignees
Labels
component/api-server domain/vuln-policy enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort

nscuro commented Feb 7, 2024

Dependency-Track currently only tracks when a BOM was uploaded, but not when the BOM was generated.

Generators can include the generation timestamp in the metadata.timestamp node of the BOM. If it is available, DT should ingest it and make it available in CEL policies.

Note

The CycloneDX specification doesn't dictate any specific timestamp format, so we will need to support multiple and should not fail the BOM ingestion if we don't recognize the format.

Related to #1058

@nscuro nscuro added enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort component/api-server domain/vuln-policy labels Feb 7, 2024
@sahibamittal sahibamittal self-assigned this Mar 25, 2024
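
Added example, not part of the issue and not Dependency-Track's own code: lenient parsing of `metadata.timestamp`, where an unrecognized value yields no generation time instead of failing the BOM ingestion. The format list, the UTC default for values without an offset, the length cap, the record field names and the sample BOMs are assumptions.

```python
import json
from datetime import datetime, timezone
from typing import Optional

# Assumed set of formats emitted by generators; most specific first.
FORMATS = (
    "%Y-%m-%dT%H:%M:%S.%f%z",   # 2024-02-07T11:15:30.250+01:00
    "%Y-%m-%dT%H:%M:%S%z",      # 2024-02-07T10:15:30Z
    "%Y-%m-%dT%H:%M:%S.%f",
    "%Y-%m-%dT%H:%M:%S",
    "%Y-%m-%d %H:%M:%S%z",
    "%Y-%m-%d %H:%M:%S",
    "%Y-%m-%d",
)
MAX_LEN = 64  # BOM content is untrusted input; bound what we try to parse

# Constructed sample BOMs (not taken from a real project).
GOOD_BOM = '{"metadata": {"timestamp": "2024-02-07T10:15:30Z"}, "components": [{"name": "a"}]}'
ODD_BOM = '{"metadata": {"timestamp": "07/02/2024 10h15"}, "components": [{"name": "a"}]}'


def parse_bom_timestamp(raw: object) -> Optional[datetime]:
    """Return the timestamp as an aware UTC datetime, or None if unrecognized."""
    if not isinstance(raw, str):
        return None
    text = raw.strip()
    if not text or len(text) > MAX_LEN:
        return None
    for fmt in FORMATS:
        try:
            parsed = datetime.strptime(text, fmt)
            if parsed.tzinfo is None:
                # Assumption: a timestamp without an offset is treated as UTC.
                parsed = parsed.replace(tzinfo=timezone.utc)
            return parsed.astimezone(timezone.utc)
        except (ValueError, OverflowError):
            continue  # wrong format or out-of-range value: try the next one
    return None


def ingest_bom(bom_json: str, uploaded_at: datetime) -> dict:
    """Build a hypothetical ingestion record; a bad timestamp never raises."""
    bom = json.loads(bom_json)
    metadata = bom.get("metadata")
    raw = metadata.get("timestamp") if isinstance(metadata, dict) else None
    return {
        "uploaded": uploaded_at,
        "generated": parse_bom_timestamp(raw),  # None when absent or unknown
        "components": len(bom.get("components") or []),
    }
```

A policy that reads the generation time has to handle the `None` case explicitly, since the value comes from the BOM producer and may be missing or unparseable.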