- require Jenkins 2.479.1 or newer
- require Java 17 or newer (required since Jenkins 2.479.1)
- require Dependency-Track 4.12 or newer (#286)
- Support "isLatest" flag (#286)
- Support variables in project properties (JENKINS-74822)
- Support for specifying the parent project using its name and version as an alternative to its ID (#261)
- Include artifact name in Publishing Logline (#264)
- Support for Policy Violations (#130)
- require Jenkins 2.440.1 or newer
- require Java 11 or newer (required since Jenkins 2.361.1)
- require Dependency-Track 4.9 or newer
- New findings are only evaluated from the second build onwards (#113)
- Allow
overrideGlobals
to override global timeout and interval settings (#182) - Use the proxy that is configured in Jenkins (#181)
- Support threshold for unassigned findings (#158)
- Supports HTTP/2
- In the event of an unexpected exception, each call to Dependency-Track is retried within an uniformly distributed, randomly generated period in the range of 50-500ms.
- A warning is emitted when threshold values are configured but synchronous mode is disabled. Add Support for Identification of Aliases ... by ignoring them (#168)
- The settings for the threshold values are now only visible when synchronous mode is enabled. This will hopefully avoid misunderstandings/misconfigurations.
- Remove usages of
l:css
(#160)
- Added support for parent-child-relationships of projects with Dependency-Track v4.7 and newer (fixes #139)
- Searching on the result page was partially broken due to a bug in bootstrap-vue 2.22+
- The connection test will also check server-side permissions for Dependency-Track v4.4 and newer (fixes #13)
- classic jobs with sync mode and no project ID used the looked-up ID in future runs, although they should not (fixes #98)
- When using "New Findings" thresholds, the plugin is now looking for the latest succesful build with a report instead of just the previous build with the report.
- The options "Dependency-Track project name" and "Dependency-Track project version" were only visible after saving and reloading the configuration page, although the global configuration "Auto Create projects" was set.
- Fixed an issue with "Dependency-Track project" in classic (freestyle) jobs and Jenkins 2.319 LTS that caused the value to be "null" instead of empty, resulting in upload errors. Affected users should edit and save the job after updating to this plugin version.
- allow to specify tags that should be set for the project (fixes #12)
- allow to specify SWID and group that should be set for the project (fixes #50)
- allow to specify a description that should be set for the project
- Analysis result information not shown when CSRF Protection is turned off (fixes #73)
- The threshold for new findings used the last build, even though it may not have had a Dependency-Track analysis result.
- minimum required Jenkins version is now 2.289.2
- replaced inline JavaScript ... one step closer to compatibility with the CSP header
- add 'min' values in field definitions of forms
- uses modern div-layout for threshold level settings section
- Clicking on the x-axis label (the job number) of the trend graph will take you directly to the full report.
- added german translation
- display report summary on build run page containing the number of severities found
- enforce Job/read permission in order to read the analysis results for a build run and the trend data on the project page
- configured threshold levels in classic jobs where empty in the UI after saving them and reloading the config page. saving them again resulted in the deletion of previous none-empty values.
- SECURITY-2250. Thanks to Justin Philip for reporting this issue.
- allow to specify an alternative URL for the Dependency-Track Frontend (fixes #22)
- added links to npm security advisories
- verify that
projectId
is set when auto create projects is not enabled
- link to project page not working for Dependency-Track older than v3.8, part 2 (previous fix was incomplete)
- link to project page not working for Dependency-Track older than v3.8 (fixes #17)
- Report does not render correctly in Firefox (fixes #18)
- Internet Explorer 11 is not supported anymore
- minimum required Jenkins version is now 2.249.2
- configuration is not compatible with previous versions
- due to internal changes
- API key is now of type "Secret Text" credential
-
allow to override global values for Dependency-Track URL, API key and "Auto Create Projects" in job definition (fixes JENKINS-55926)
-
support multiple invocations in a build run (fixes JENKINS-55926).
please note: Only the result of the last invocation using
synchronous=true
will contribute to the result report page and the history on the job page. -
allow to specify connect and response timeouts
-
re-designed result report page
-
added link on the sidebar to Dependency-Track project page for each build (only for new builds, fixes JENKINS-55627)
-
support dark theme of Jenkins 2.249
-
JENKINS-57697: more detailed error logging
-
API key is now a "Secret Text" credential
-
list of projects in job configuration page is now sorted and includes only active projects
- unable to use
projectName
andprojectVersion
instead ofprojectId
in classic job types - sorting of column "Severity" in result report table was broken
- corrected the help information for global setting "Polling Timeout"
- removed
artifactType
parameter - minimum required Jenkins version is now 2.222.3
- JENKINS-57640: Support Configuration As Code