June 20, 2018 minor
- Fixed issue where new permissions were not being added to database on upgrades
June 19, 2018 major
- Support for advanced auditing workflow to easily triage findings
- Support for retrieving additional component metadata from external repositories
- Support for SPDX 3.1 license IDs
- NVD mirroring support for Dependency-Check (and other) clients
- Support for out-of-date version detection (rubygems, maven, and npm)
- Enhanced API to (optionally) autocreate project on bom/scan upload
- Better support for Dependency-Check “relatedDependencies”
- Added individual component metrics (independent of dependency metrics)
- Added per project and per component overview with metrics and refresh support
- Specific table columns can now be sorted with full pagination support
- Improved error logging when issues are encountered during BoM and scan processing
- Enhanced LDAP integration to support strong authentication mechanisms and configurable user formats
- General performance improvements on multi-core machines
- Minor enhancements to user interface
- Fixed defect that prevented paginated results on project tag searches
- Fixed defect where GAV identifiers in Dependency-Check Gradle/CLI reports were not in parentheses
- The VULNERABILITY_ANALYSIS permission was introduced in this release. Existing users that need the ability to audit findings will need this permission added to their account or through their team membership.
- MySQL now requires ANSI_QUOTES to be added to the SQL mode. Refer to Database Support for details.
May 02, 2018 minor
- Fixed defect resulting in incorrect results returned when filtering on components in the project view
- Synced CycloneDX specification to latest v1.0.1 release
April 13, 2018 minor
- Fixed defect resulting in incorrect vulnerability counts for projects
- Fixed defect which prevented project metrics from returning results
- Fixed issue related to the assignment of tags on project creation
- Added the VIEW_PORTFOLIO permission to the ‘automation’ team on new installs
- Updated several dependencies
- Performance improvements in database connection pool
- Fixed defect where database connections were not being reconnected if the connection was lost
- Fixed multiple defects related to component reconciliation when processing BoM and scan uploads
March 30, 2018 minor
- Responded to changes in NVD data feed URLs by correcting the XML 1.2 and 2.0 URLs used for mirroring.
March 29, 2018 minor
- Fixed data model issue which prevented multiple versions of the same project name from being persisted.
- Fixed issue in admin console which did not properly display the number of team members.
If v3.0.0 was deployed, shut down Dependency-Track, execute the following statement against the database, and deploy v3.0.1.
/* Removes the unique constraint on the project name, which prevented multiple versions of a project from existing.
   https://github.com/DependencyTrack/dependency-track/issues/118 */
ALTER TABLE PROJECT DROP CONSTRAINT PROJECT_NAME_IDX;
March 27, 2018 major
Project Reboot Successful! This is the first release after being developed from the ground up.
- Dramatically increases visibility into the use of vulnerable components
- Supports an unlimited number of projects and components
- Projects can range from applications and operating systems to firmware and IoT devices
- Tracks vulnerabilities across entire project portfolio
- Tracks vulnerabilities by component
- Easily identify projects that are potentially vulnerable to newly published vulnerabilities
- Supports standardized SPDX license IDs and tracks license use by component
- Supports CycloneDX and SPDX bill-of-material formats
- Easy to read metrics for components, projects, and portfolio
- API-first design facilitates easy integration with other systems
- API documentation available in Swagger 2.0 (OpenAPI 3 support coming soon)
- Flexible authentication supports internally managed users, Active Directory/LDAP, and API Keys
- Simple to install and configure. Get up and running in just a few minutes