For sbom.eclipse.org, details for colliding -projectName from different -parentName are merged and confusingly presented
Summary
Let me start with a question:
Is it possible for me to remove (milestone) content and use better (more unique) names?
I think it's important to be able to clean up mistakes, or problems like what is described below.
For
I realized today that not only are the breadcrumbs poor, not showing the parent project information, but the site actually merges content from different parent projects onto the name, i.e., here the SimRel milestones are also shown via the breadcrumb:
I'm not sure if we can expect this to be fixed by the dependency-track. Given the complete lack of response on this issue:
https://github.com/DependencyTrack/dependency-track/issues/4362#issuecomment-3585675505
I would assume that what you see is what you get and that it isn't going to change anytime soon.
This suggests that using a non-unique -projectName is a really bad idea:
```
echo curl -X POST https://sbom.eclipse.org/api/v1/bom \
  -H Content-Type:multipart/form-data \
  -H X-Api-Key:"${SBOM_API_TOKEN}" \
  -F autoCreate=true \
  -F projectName=milestone \
  -F projectVersion=4.38-SNAPSHOT \
  -F parentName=orbit-aggregation \
  -F bom=@sbom.xml
```
Somewhere we should be giving projects advice and recommendations about naming conventions.
Priority
- Urgent
- High
- Medium
- Low

Severity
- Blocker
- Major
- Normal
- Low
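
A pre-upload check for the collision described in this issue, added here as an example (it is not part of the original report and is not Eclipse or Dependency-Track code): it scans an inventory of planned uploads for a projectName that appears under more than one parentName. The inventory format, the function names, the `simrel` and `nightly`/`release` rows, and the parent-prefix naming convention are all assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample inventory, one planned upload per line:
#   <parentName> <projectName>
# Only "orbit-aggregation milestone" comes from the issue; the rest is made up.
sample_inventory() {
cat <<'EOF'
orbit-aggregation milestone
simrel milestone
simrel release
orbit-aggregation nightly
orbit-aggregation milestone
EOF
}

# Read "<parentName> <projectName>" lines on stdin and print every
# projectName that is used under more than one distinct parentName,
# together with the parents that share it. Repeated identical pairs
# (re-uploads of the same project) are not counted as collisions.
find_collisions() {
  sort -u | awk '
    {
      if ($2 in parents) parents[$2] = parents[$2] "," $1
      else               parents[$2] = $1
      count[$2]++
    }
    END {
      for (name in count)
        if (count[name] > 1) print name ": " parents[name]
    }
  ' | sort
}

# Hypothetical naming convention: prefix the projectName with its
# parentName so the name stays unique across parents.
qualified_name() {
  printf '%s-%s\n' "$1" "$2"
}

# Report collisions in the sample and show a unique replacement name.
echo "Colliding projectName values:"
sample_inventory | find_collisions
echo "Suggested unique name: $(qualified_name orbit-aggregation milestone)"
```

The qualified name would replace the value passed as `-F projectName=` in the upload command, with `-F parentName=` left unchanged.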
