Last BOM import results from Dependency-Track unclear #10545

denniebouman · 2024-12-19T13:03:02Z

Describe the bug
When using multiple projects in Dependency-Track, with:

Metric type: Source up-to-dateness
Source type: Dependency Track
Project event type(s): last BOM import

Then all projects are displayed in the Dependency-Track tab, regardless whether they meet the metric target or not.
The metric may indicate (with the correct metric target) which project has the oldest BOM import, based on the number of days.

The above causes confusion, because other metrics, most of the time, show the number of violations in the metric and only the findings in the detail tab.

Possible adjustment(s)

Make metrics configurable for:
- Metric scale: Count and Metric unit: days
- Metric scale: Count and Metric unit: number of violations
Keep the implementation as-is and in the detail tab provide the violations with a color with the deviations from the metric target
Keep implementation as-is and use a toggle to show only violations in the detail tab, or all projects
..

denniebouman added the Bug Something isn't working label Dec 19, 2024

fniessink added Feature New, enhanced, or removed feature and removed Bug Something isn't working labels Dec 20, 2024

fniessink added this to Quality-time backlog Dec 20, 2024

github-project-automation bot moved this to Inbox in Quality-time backlog Dec 20, 2024

fniessink moved this from Inbox to To be refined in Quality-time backlog Dec 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Last BOM import results from Dependency-Track unclear #10545

Last BOM import results from Dependency-Track unclear #10545

denniebouman commented Dec 19, 2024

Last BOM import results from Dependency-Track unclear #10545

Last BOM import results from Dependency-Track unclear #10545

Comments

denniebouman commented Dec 19, 2024