Finding Attributed On date is not retained when cloning projects #3464

Closed
2 tasks done
nscuro opened this issue Feb 13, 2024 · 1 comment · Fixed by #3488
Labels: defect (Something isn't working); good first issue (Good for newcomers); p2 (Non-critical bugs, and features that help organizations to identify and reduce risk)

nscuro commented Feb 13, 2024

Current Behavior

When cloning a project, including its findings, the Attributed On date for cloned findings is set to the date of the clone operation.

    for (Vulnerability vuln: sourceComponent.getVulnerabilities()) {
        final FindingAttribution sourceAttribution = this.getFindingAttribution(vuln, sourceComponent);
        this.addVulnerability(vuln, clonedComponent, sourceAttribution.getAnalyzerIdentity(), sourceAttribution.getAlternateIdentifier(), sourceAttribution.getReferenceUrl());
    }

Steps to Reproduce

  1. Create project
  2. Upload BOM with vulnerable components
  3. Wait for vulnerabilities to be reported
  4. Clone project, including findings
  5. Observe a modified Attributed On date for findings in the cloned project

Expected Behavior

Retain the original Attributed On date when cloning findings.

Dependency-Track Version

4.10.1

Dependency-Track Distribution

Container Image, Executable WAR

Database Server

N/A

Database Server Version

No response

Browser

N/A

Checklist
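
A minimal stand-alone model of the defect reported above, added here as an illustration and not taken from Dependency-Track's code base: the class, record and method names are hypothetical and the sample finding is constructed. It shows the attribution date being reset when the clone path calls an add method that takes no date, and retained when the source date is passed through.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

// Simplified stand-in model (Java 16+ for records); names are illustrative only.
public class CloneAttributionDemo {
    record Attribution(String vulnId, String analyzer, String referenceUrl, Instant attributedOn) {}

    static final class Component {
        final List<Attribution> attributions = new ArrayList<>();

        // Mirrors the reported behaviour: no date parameter, so the date becomes "now".
        void addVulnerability(String vulnId, String analyzer, String referenceUrl) {
            addVulnerability(vulnId, analyzer, referenceUrl, Instant.now());
        }

        // Variant that lets the caller supply the original attribution date.
        void addVulnerability(String vulnId, String analyzer, String referenceUrl, Instant attributedOn) {
            attributions.add(new Attribution(vulnId, analyzer, referenceUrl, attributedOn));
        }
    }

    // Copies every finding of the source component into a new component.
    static Component cloneComponent(Component source, boolean retainDate) {
        Component clone = new Component();
        for (Attribution a : source.attributions) {
            if (retainDate) {
                clone.addVulnerability(a.vulnId(), a.analyzer(), a.referenceUrl(), a.attributedOn());
            } else {
                clone.addVulnerability(a.vulnId(), a.analyzer(), a.referenceUrl());
            }
        }
        return clone;
    }

    public static void main(String[] args) {
        // Constructed sample finding with a placeholder identifier and a fixed past date.
        Instant original = Instant.parse("2023-11-01T08:00:00Z");
        Component source = new Component();
        source.addVulnerability("CVE-0000-0000", "EXAMPLE_ANALYZER", "https://example.invalid/vuln", original);

        Instant lossy = cloneComponent(source, false).attributions.get(0).attributedOn();
        Instant kept = cloneComponent(source, true).attributions.get(0).attributedOn();

        if (lossy.equals(original)) throw new AssertionError("lossy clone should have reset the date");
        if (!kept.equals(original)) throw new AssertionError("retaining clone should keep the original date");
        System.out.println("lossy clone: " + lossy + " / retaining clone: " + kept);
    }
}
```

The two checks in `main` double as a regression test shape: clone a finding with a known past date and compare the cloned date with the source.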

@nscuro nscuro added defect Something isn't working p3 Nice-to-have features good first issue Good for newcomers labels Feb 13, 2024
@msymons msymons added p2 Non-critical bugs, and features that help organizations to identify and reduce risk and removed p3 Nice-to-have features labels Feb 13, 2024
sebD added a commit to sebD/dependency-track that referenced this issue Feb 20, 2024
Fixes DependencyTrack#3464

Signed-off-by: Sebastien Delcoigne <sebastien.delcoigne@gmail.com>
sebD added a commit to sebD/dependency-track that referenced this issue Feb 21, 2024
Fixes DependencyTrack#3464

Signed-off-by: Sebastien Delcoigne <sebastien.delcoigne@gmail.com>
sebD added a commit to sebD/dependency-track that referenced this issue Feb 22, 2024
…nerability to a project, used in cloning operation.

Fixes DependencyTrack#3464

Signed-off-by: Sebastien Delcoigne <sebastien.delcoigne@gmail.com>
@nscuro nscuro added this to the 4.11 milestone Feb 22, 2024
ellipse2v pushed a commit to ellipse2v/dependency-track that referenced this issue Mar 3, 2024
…nerability to a project, used in cloning operation.

Fixes DependencyTrack#3464

Signed-off-by: Sebastien Delcoigne <sebastien.delcoigne@gmail.com>
Signed-off-by: Sylvain <sylvain.ridoux@gmail.com>
mikael-carneholm-2-wcar pushed a commit to mikael-carneholm-2-wcar/dependency-track that referenced this issue Mar 15, 2024
…nerability to a project, used in cloning operation.

Fixes DependencyTrack#3464

Signed-off-by: Sebastien Delcoigne <sebastien.delcoigne@gmail.com>
Signed-off-by: Mikael Carneholm <mikael.carneholm.2@wirelesscar.com>

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 24, 2024