Current Behavior
For some of our projects, cloning including everything (in particular audit history) has various issues. Unfortunately, these
Depend on the existing project: I was not able to hunt down the criteria.
Differ: What I saw was
a) Lost audits:
In some cases all, in others most of the audit analyses were lost.
b) Changes in number of components:
In some cases many components seem to have been duplicated, so that they appear twice in the resulting project version.
Additional information:
The server log files did not exhibit any suspicious deviations.
We observed similar behaviour when interacting with the REST API in our CI/CD pipelines.
I was not able to reproduce the issues with the following experiment:
a) Export BOM from a "malicious" project A
b) Create a new project B using the exported BOM
c) Clone B
Steps to Reproduce
Find a project that is (for whatever reason) problematic
Clone including "everything" (audit history, ...)
Go to the overview of the newly created project version
Expected Behavior
a) Equal audit state: All audits should be applied to the cloned version. The number of unaudited issues should be the same as in the original version.
b) Stability regarding components: The same number and content of components should be found in the clone version.
Do you have any idea/suggestions?
Is there a realistic chance that an update to 4.7 would change our situation?
I attached the before/after BOMs for a case in which the audit history was lost. Things do not really look suspicious to me. But maybe an educated observer will find something of interest.
Dependency-Track Version
4.6.x
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
12
Browser
N/A
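A script to check the two expected properties (equal audit state, same components) by diffing the original and cloned BOMs, as an added example that is not part of the issue or of Dependency-Track itself. It assumes CycloneDX-style JSON with `components` and `vulnerabilities[].analysis`, and uses constructed sample BOMs rather than the attached ones.

```python
import json
from collections import Counter

# Constructed sample BOMs in CycloneDX JSON shape (not the issue's attachments).
# The clone duplicates one component and drops one audit analysis.
ORIGINAL_BOM = {
    "components": [
        {"name": "lib-a", "version": "1.0", "purl": "pkg:maven/example/lib-a@1.0"},
        {"name": "lib-b", "version": "2.3", "purl": "pkg:maven/example/lib-b@2.3"},
    ],
    "vulnerabilities": [
        {"id": "VULN-0001", "affects": [{"ref": "pkg:maven/example/lib-a@1.0"}],
         "analysis": {"state": "not_affected"}},
        {"id": "VULN-0002", "affects": [{"ref": "pkg:maven/example/lib-b@2.3"}],
         "analysis": {"state": "false_positive"}},
    ],
}
CLONED_BOM = {
    "components": ORIGINAL_BOM["components"] + [ORIGINAL_BOM["components"][1]],
    "vulnerabilities": [ORIGINAL_BOM["vulnerabilities"][0],
                        {"id": "VULN-0002", "affects": [{"ref": "pkg:maven/example/lib-b@2.3"}]}],
}

def component_key(c):
    # Prefer the purl; fall back to name@version for components without one
    return c.get("purl") or f"{c.get('name')}@{c.get('version')}"

def component_counts(bom):
    # Multiset of components, so duplicates show up as a count > 1
    return Counter(component_key(c) for c in bom.get("components", []))

def audit_states(bom):
    # Map (vulnerability id, affected component ref) -> recorded analysis state
    states = {}
    for v in bom.get("vulnerabilities", []):
        state = v.get("analysis", {}).get("state")
        if state:
            for a in v.get("affects", []):
                states[(v["id"], a["ref"])] = state
    return states

def compare_boms(original, clone):
    before, after = component_counts(original), component_counts(clone)
    duplicated = {k: (before[k], after[k]) for k in after if after[k] > before[k]}
    missing = {k: before[k] for k in before if k not in after}
    orig_audits, clone_audits = audit_states(original), audit_states(clone)
    # An audit is "lost" if the clone has no analysis or a different state for it
    lost = sorted(k for k, s in orig_audits.items() if clone_audits.get(k) != s)
    return {"duplicated": duplicated, "missing": missing, "lost_audits": lost,
            "ok": not (duplicated or missing or lost)}

if __name__ == "__main__":
    print(json.dumps(compare_boms(ORIGINAL_BOM, CLONED_BOM), indent=2))
```

Replace the two constants with `json.load()` of the exported before/after BOMs to run it against a real clone.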