Bundled frontend: v1.0.0
- New user interface based on Vue.js and Bootstrap.
- User interface can optionally be deployed and upgraded independently of the Dependency-Track server.
- Package repositories are now configurable.
- Package repositories can now be identified as ‘internal’. Components identified as ‘internal’ will be analyzed using internal repositories.
- Added additional logging and notifications for OSS Index and NPM Audit analyzers.
- Added the ability to publish system notifications when vulnerability analyzers encounter communication or other errors.
- Added counts for various items in several places throughout the UI.
- Corrected the percentage value of findings audited.
- Fixed URL to Maven Central which prevented the MavenMetaAnalyzer from retrieving component metadata.
- Changed logging behavior when internal components are identified.
- Improved the accuracy of the internal CPE analyzer, which may previously have led to false negatives in some situations.
- Fixed issue where the CPE value defined in a BOM was not being persisted if the component previously existed.
- Fixed issue which prevented the HexMetaAnalyzer from executing, so it could not retrieve component metadata for Erlang or Elixir components.
- All Dependency-Track server releases now include a complete CycloneDX software bill-of-materials.
- Added missing permission checks to repository API endpoints.
- index directories inside the Dependency-Track data directory will be deleted upon upgrade. This will force the NVD to be downloaded and reprocessed and the indexes to be rebuilt.
- The internal vulnerable software dictionary, generated automatically from the NVD, will be wiped upon upgrade. This will take several minutes to complete and should not be interrupted.
Software Bill-of-Materials (SBOM)