* Uses recommended JSON array notation for `CMD` directives.
* Suppresses warnings for `sun.misc.Unsafe` usage (for Lucene) emitted by Java 25.
* Removes undesired `|| true` and `|| exit 1` occurrences as they don't provide any benefit.
* Specifies `--chown` for COPY directives to make ownership more explicit.
* Switches from `wget` to `curl` for health check as it has the same flags in Alpine and Debian, which wget does not have.
Signed-off-by: nscuro <nscuro@protonmail.com>
Since we don't recommend using H2, and H2 keeps causing issues, we shouldn't have it as a default for new users.
Relates to #4573
Signed-off-by: nscuro <nscuro@protonmail.com>
Ensure the field defaults to `true`, both in Java and the database. During upgrade, migrate all values that are currently `null` to `true`.
Solidify this change by switching `project.active` from `Boolean` to `boolean`. Adjust logic that previously had to check for `null`.
Fixes #4410
Signed-off-by: nscuro <nscuro@protonmail.com>
* Align property names
* Durations are now specified in milliseconds instead of seconds
* Reduce retry attempts and retry durations for OSS Index; the previous values were excessive
* Ensure that retries are only performed under certain transient error conditions, not for *any* error
* Provide a common mechanism to log when retries are performed, when max attempts were exceeded, or errors were not considered for retries
Signed-off-by: nscuro <nscuro@protonmail.com>
The current setup is parsing the CWE dictionary XML at runtime and persisting it to the database (`CweImporter`), just to load it from the database again into memory (`CweResolver`). Both `CweImporter` and `CweResolver` end up holding the entire CWE dictionary in static `Map`s, which is unnecessary.
CWEs are synchronized with the database on startup, where each CWE is processed in a database transaction. That is over 1400 transactions before anything meaningful is done.
As of v4.5 (https://github.com/DependencyTrack/dependency-track/issues/1467), CWEs are stored as a serialized list in the `VULNERABILITY` table. The `CWE` table is thus not required anymore, as nothing is referring to it. Lookups can be served immediately from in-memory maps.
With this change, the CWE dictionary is pre-processed with a Python script. It generates a Java class that holds all entries in a static `LinkedHashMap`. Persistence logic around CWEs is removed, and the `CWE` table is dropped.
This is a backport from Hyades.
Signed-off-by: nscuro <nscuro@protonmail.com>
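The pre-processing step described in the commit above, as an added example (not the project's script or its generated class): it reads a constructed catalog snippet and emits a Java class backed by a `LinkedHashMap`. The class name `CweDictionary`, the function names and the choice to collect only `Weakness` elements are assumptions; names are escaped so that catalog text cannot break out of the generated string literals.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the CWE catalog XML; not real catalog data.
SAMPLE_XML = """<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7">
  <Weaknesses>
    <Weakness ID="89" Name="Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"/>
    <Weakness ID="79" Name="Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"/>
    <Weakness ID="9999" Name='Constructed entry with "quotes" and a \\ backslash'/>
  </Weaknesses>
</Weakness_Catalog>"""

_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r", "\t": "\\t"}


def java_literal(text):
    """Escape text for a Java string literal so catalog data cannot alter the generated source."""
    out = []
    for ch in text:
        if ch in _ESCAPES:
            out.append(_ESCAPES[ch])
        elif 32 <= ord(ch) < 127:
            out.append(ch)
        else:  # everything else is written as UTF-16 code units (\uXXXX)
            raw = ch.encode("utf-16-be")
            out.extend("\\u%04x" % int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2))
    return "".join(out)


def parse_cwes(xml_text):
    """Return {id: name} sorted by id. Assumption: only <Weakness> elements are collected."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "Weakness":  # ignore the XML namespace
            found[int(el.attrib["ID"])] = el.attrib["Name"]
    return dict(sorted(found.items()))


def render_java(entries, class_name="CweDictionary"):  # class name is hypothetical
    head = ["import java.util.LinkedHashMap;", "import java.util.Map;", "",
            f"public final class {class_name} {{",
            "    public static final Map<Integer, String> DICTIONARY = new LinkedHashMap<>();",
            "    static {"]
    body = [f'        DICTIONARY.put({cwe_id}, "{java_literal(name)}");' for cwe_id, name in entries.items()]
    return "\n".join(head + body + ["    }", "}"]) + "\n"


if __name__ == "__main__":
    print(render_java(parse_cwes(SAMPLE_XML)))
```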
To make it clear that these Compose files are only meant for dev and testing work, and to avoid confusion with the existing `src/main/docker/docker-compose.yml`, which is also used as quickstart.
Signed-off-by: nscuro <nscuro@protonmail.com>