-
What version of Dependency-Track and Trivy are you running? There was a breaking change in Trivy 0.51.2's server API that caused false negatives for libraries (#3737). DT was fixed to accommodate that in v4.11.3 (#3738).
-
Thanks for your answer!
-
I create an SBOM with Trivy from an image and upload it to Dependency Track.
What I recognized is:
I tested this with only one of the analyzers in an active state, a fresh project and uploaded using the GUI.
The imported SBOM shows this structure in Dependency Track:
I wonder why it is like this. Combining both analyzers gives me the result I expect. But either of them (especially Trivy) should be able to show the full findings.