Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cargo Component Info Not Displaying in Dependency Track #3510

Closed
2 tasks done
leec94 opened this issue Feb 28, 2024 · 1 comment
Closed
2 tasks done

Cargo Component Info Not Displaying in Dependency Track #3510

leec94 opened this issue Feb 28, 2024 · 1 comment
Assignees
@leec94
Labels
defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk
Milestone
4.11

Comments

@leec94
Copy link
Contributor

leec94 commented Feb 28, 2024

Current Behavior

The Dependency Track features list Cargo (Rust) as a compatible ecosystem: https://github.com/DependencyTrack/dependency-track/?tab=readme-ov-file#features

However, when uploading Cargo components, such as pkg:cargo/rand@0.7.2 through the UI, details such as latest version status is not available to view.

Note

The bug, as found by @nscur0 is located here:

dependency-track/src/main/java/org/dependencytrack/tasks/repositories/IMetaAnalyzer.java

Line 81 in 8cf1ee3

static IMetaAnalyzer build(Component component) {

I'm happy to work on this bug if someone can assign me to this!

Steps to Reproduce

  1. Create example Project and add component "rand", version "0.7.2", with PURL pkg:cargo/rand@0.7.2
  2. View Component list and see that the latest version status on the right side of "Version" column does not show if the component is up to date.

I'm using the default set up from the quickstart docker compose. Not sure if the database is H2 or PostgreSQL but selecting H2 as a guess.

Expected Behavior

  1. Create example Project and add component "rand", version "0.7.2", with PURL pkg:cargo/rand@0.7.2
  2. View Component list and see that the latest version status on the right side of "Version" column does show if the component is up to date, and the version and latest version information is available through the API.

Dependency-Track Version

4.9.x

Dependency-Track Distribution

Container Image

Database Server

H2

Database Server Version

No response

Browser

Google Chrome

Checklist
@leec94 leec94 added defect Something isn't working in triage labels Feb 28, 2024
@nscuro nscuro added p2 Non-critical bugs, and features that help organizations to identify and reduce risk and removed in triage labels Feb 28, 2024
@nscuro nscuro added this to the 4.11 milestone Feb 28, 2024
@leec94 leec94 mentioned this issue Feb 28, 2024
Merged
5 tasks
@nscuro nscuro closed this as completed in 3d234af Feb 29, 2024
@github-actions GitHub Actions
Copy link
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 31, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@leec94 leec94

Labels
defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk
Projects
None yet
Milestone
4.11
Development

No branches or pull requests
2 participants
@leec94 @nscuro