Add option to deactivate old project versions on BOM upload #4532

crumohr opened this issue Jan 7, 2025 · 5 comments · May be fixed by #4533
Labels
enhancement New feature or request good first issue Good for newcomers p3 Nice-to-have features size/S Small effort

Comments

@crumohr

crumohr commented Jan 7, 2025

Current Behavior

In a continuous delivery scenario every commit to a software project creates a new version (and therefore project) in Dependency-Track. Over time there will be hundreds of "active" versions, even though they are actually not "active".

Proposed Behavior

The POST /v1/bom resource has another flag in addition to the already existing isLatest parameter: isActiveExclusively.

When both arguments are true all "old" versions are deactivated and do not clutter the UI anymore.

Checklist

@crumohr crumohr added the enhancement New feature or request label Jan 7, 2025
@nscuro nscuro added p3 Nice-to-have features good first issue Good for newcomers size/S Small effort labels Jan 7, 2025
crumohr added a commit to crumohr/dependency-track that referenced this issue Jan 7, 2025
@crumohr crumohr linked a pull request Jan 7, 2025 that will close this issue
5 tasks
@valentijnscholten
Contributor

Could you not just update the version number on the project you're uploading into? That will also maintain all your analyses.

crumohr added a commit to crumohr/dependency-track that referenced this issue Jan 7, 2025
crumohr added a commit to crumohr/dependency-track that referenced this issue Jan 7, 2025
@crumohr
Author

crumohr commented Jan 8, 2025

We would like to look back in time at point x and be able to see which components were in use at that exact moment. If we update an existing project the most detailed information and especially the BOM are lost.

@valentijnscholten
Contributor

So you only use the new feature to clean up once in a while?

@crumohr
Author

crumohr commented Jan 8, 2025

The BOM upload is the last step of our CI pipelines, after the automated deployment to production. We will have this flag always set to true as we don't have different versions of the same project "active" at the same time.

@valentijnscholten
Contributor

Ah, the new feature will deactivate and not delete. Never mind, nothing to see here :-)
