Skip to content

Align naming of isLatest parameter between PUT and POST endpoints for BOM upload #4841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 tasks done
apollo13 opened this issue Apr 14, 2025 · 3 comments · Fixed by #4905
Closed
2 tasks done

Align naming of isLatest parameter between PUT and POST endpoints for BOM upload #4841

apollo13 opened this issue Apr 14, 2025 · 3 comments · Fixed by #4905
Labels
defect Something isn't working good first issue Good for newcomers p3 Nice-to-have features size/S Small effort

Comments

@apollo13
Copy link

Current Behavior

I am autocreating projects during BOM submission like this:

curl --silent --fail-with-body -X "POST" "http://host:20010/api/v1/bom" \
        -H "Content-Type: multipart/form-data" \
        -H "X-Api-Key: xxxxxx" \
        -F "autoCreate=true" \
        -F "projectName=test2" \
        -F "projectVersion=1" \
        -F "isLatestProjectVersion=true" \
        -F "bom=@sbom.cdx.json"

Looking into the dashboard the project is created properly but isLatestProjectVersion doesn't seem to have any effect:

Image

Steps to Reproduce

  1. Execute the command mentioned above
  2. Observe the missing "latest" flag in Dtrack.

Expected Behavior

The "latest" project flag should get updated.

Dependency-Track Version

4.13.0

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

17

Browser

N/A

Checklist
@apollo13 apollo13 added defect Something isn't working in triage labels Apr 14, 2025
@nscuro
Copy link
Member

nscuro commented Apr 14, 2025

For the POST endpoint the field is called isLatest:

dependency-track/src/main/java/org/dependencytrack/resources/v1/BomResource.java

Line 408 in bc241ea

@DefaultValue("false") @FormDataParam("isLatest") boolean isLatest,

@apollo13
Copy link
Author

Ah indeed, sorry for the noise. Didn't realize that subtle difference between PUT & POST. Would be great if the behavior between the two were consistent -- should I leave the ticket open?

@nscuro
Copy link
Member

nscuro commented Apr 14, 2025

It's documented like this in the OpenAPI spec:

Image

If we want to align both we need an additional parameter in order to keep in backward-compatible.

I'll leave this open, but rename it so it better reflects your ask.

@nscuro nscuro changed the title When ingesting BOMs isLatestProjectVersion doesn't seem to work Align naming of isLatest parameter between PUT and POST endpoints for BOM upload Apr 14, 2025
@nscuro nscuro added p3 Nice-to-have features good first issue Good for newcomers size/S Small effort and removed in triage labels Apr 14, 2025
@snieguu snieguu mentioned this issue Apr 30, 2025
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect Something isn't working good first issue Good for newcomers p3 Nice-to-have features size/S Small effort
Projects
None yet
Milestone
No milestone
2 participants
@apollo13 @nscuro