Other repositories for composer seem to not work #2544
Comments
Hello @fakeNews-jpg, There are two different points.
You can find the contact points below:
Thanks a lot for this really complete answer. I am closing this issue, as this seems not to be related to DT.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Current Behavior
I am trying to use Dependency-Track to manage the dependencies of a WordPress installed with Composer.
Yet the generated SBOM is not understood correctly by Dependency-Track, since vulnerabilities are not detected.
When using wpackagist.org as the Composer repository, the vulnerabilities are not detected. (I added the repository in administration/repositories/composer.)
In this example, WordPress and Elementor are vulnerable to known public vulnerabilities.
You may find more information in this issue, which I created since I thought it was due to an SBOM generation problem: CycloneDX/cyclonedx-php-composer#324
Could you please explain a way to make Dependency-Track work with a WordPress installed with Composer?
Thanks a lot in advance.
Steps to Reproduce
Here is the generated BOM:
Expected Behavior
WordPress is outdated (v5.3.2), the same goes for Elementor, and the report should show the associated CVEs.
Dependency-Track Version
4.6.x
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome
Checklist