* Removes incorrect statement about base URL being configurable via environment variable.
* Removes outdated notice about change in 2022.
Signed-off-by: Niklas <nscuro@protonmail.com>
Addresses PR feedback on #5736:
- Remove OSS Index base URL from application.properties (runtime-only)
- Remove incorrect configuration.md documentation
- Update ossindex.md to follow Snyk/Trivy pattern for runtime properties
- Remove ineffective test with no assertions
The scanner.ossindex.base.url property is runtime-only and cannot be
configured via application.properties. Updated documentation to clarify
it must be set via environment variables, system properties, or the
admin UI.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Brian Fox <brianf@sonatype.com>
Fix incorrect documentation stating that new API tokens are
required for the new api.guide.sonatype.com endpoint. Existing
tokens from ossindex.sonatype.org work with both endpoints.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Brian Fox <brianf@sonatype.com>
Document Sonatype's migration to the new API endpoint at
https://api.guide.sonatype.com which requires new API tokens.
Updated examples in application.properties and documentation
to reference the new endpoint.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Brian Fox <brianf@sonatype.com>
This change adds the ability to override the OSS Index API base URL,
allowing users to point to alternative OSS Index instances, corporate
proxies, or on-premises deployments.
Changes:
- Added SCANNER_OSSINDEX_BASE_URL configuration property with default
value https://ossindex.sonatype.org
- Implemented lazy-loading getApiBaseUrl() method that reads from
configuration and caches the result
- Updated all OSS Index API calls to use the configurable URL
- Added configuration examples to application.properties
- Updated documentation in configuration.md and ossindex.md
- Added test cases for custom URL configuration
The implementation follows the existing pattern used by Snyk and Trivy
analyzers, ensuring consistency across the codebase. The change is
fully backward compatible - existing installations will continue using
the public OSS Index service unless explicitly configured otherwise.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Brian Fox <brianf@sonatype.com>
Due to various optimisations in recent releases, the previous system requirements are no longer accurate. As a result, the system requirements check that prevents startup if less than 4GB heap is available is no longer practical either.
Resource requirements largely depend on portfolio size and concurrent users.
Signed-off-by: nscuro <nscuro@protonmail.com>
New optional per project property "defectdojo.testTitle"
When property is set, the given test title will be set in DefectDojo
Signed-off-by: Andre Schlegel-Tylla <andre.schlegel-tylla@virtimo.de>
While HTTP headers are case-insensitive, these changes align the examples with the rest of the documentation and source code.
Signed-off-by: Steven Buccini <steven@stevenbuccini.com>
Remove deprecation notice for unauthenticated access to the Badge API,
as the use of API keys for authenticated access comes with risks too
that the maintainer of the DT instance has to weigh against the use of
unauthenticated access which does not use API keys.
Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
If uploaded BOM is invalid, dispatches a notification with InvalidBomProblemDetails before
throwing the respective exception
Signed-off-by: Aravind Parappil <aravindparappil@gmail.com>
* Raise supported versions for PostgreSQL and SQL Server to non-EOL versions
* Add notice about deprecation of RDBMSes other than PostgreSQL in DT v5
Signed-off-by: nscuro <nscuro@protonmail.com>
This surfaces the functionality introduced in https://github.com/stevespringett/Alpine/pull/508 to Dependency-Track. It was previously only integrated into Hyades.
Signed-off-by: nscuro <nscuro@protonmail.com>
