孤思冥想 2021-11-29 10:25 采纳率: 100%
浏览 11
已结题

Dependency-Track页面Risk core列没有值,怎么解决

问题遇到的现象和发生背景
问题相关代码,请勿粘贴截图
                                                          sh """
                                '${mvnHome}/bin/mvn' org.cyclonedx:cyclonedx-maven-plugin:makeBom
                                """


                                sh """
                                curl -X "POST" "http://127.0.0.1:8082/api/v1/bom"\
                                    -H "Content-Type: multipart/form-data"\
                                    -H "X-Api-Key: ${API_KEY}"\
                                    -F "autoCreate=true"\
                                    -F "projectName=${env.JOB_BASE_NAME}-${module_name}"\
                                    -F "projectVersion=${branchOrTag}-${codingCommit[0..9]}-${currentBuild.id}"\
                                    -F "bom=@${it.path}"
                                """

img

运行结果及报错内容
我的解答思路和尝试过的方法
我想要达到的结果
  • 写回答

1条回答 默认 最新

  • 孤思冥想 2021-11-29 14:20
    关注

    I expect to see vulnerable components but I don’t
    Most common reason: You have yet to enable the Sonatype OSS Index Analyzer. It is not enabled by default but is necessary to scan dependencies represented by Package URLs.

    Why is Sonatype OSS Index Analyzer disabled by default?
    For Dependency-Track v3.0 - v3.8, Sonatype OSS Index Analyzer is disabled and requires an account. See Sonatype OSS Index Analyzer. For Dependency-Track v4.0 and higher, OSS Index is enabled by default and does not require an account.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

问题事件

  • 系统已结题 12月7日
  • 已采纳回答 11月29日
  • 创建了问题 11月29日