First of all, thank you for supplying such a wonderful tool.
I don't know if I'm thinking about it the right way, but I had some thoughts on the analysis process.
Use case
I deploy a container with an updated tag (e.g. :1.0, :2.0, :3.0 etc.) from time to time to a Kubernetes cluster where an SBOM operator is also deployed that submits SBOMs to Dependency-Track. Dependency-Track itself is configured to perform a scan of the provided SBOM once per day.
Now let's assume that some weeks have passed and I have numerous analyzed versions of the container.
Questions
Does Dependency-Track scan each provided project version indefinitely?
If yes, how can I tell Dependency-Track not to scan "outdated" versions of the container?
What is the best practice to expire or clean up versions?