Different Package Manager show different results #4557

Open
2 tasks done
beazt93 opened this issue Jan 15, 2025 · 0 comments
Labels
defect (Something isn't working), in triage


beazt93 commented Jan 15, 2025

Current Behavior

I am using Qt 6.4.2 from GitHub and wrote the purl manually and got this:
<purl>pkg:github/qt/[email protected]</purl>
This only shows that the version is outdated, but 0 vulnerabilities.

But if I use a different package manager, for example conan:
<purl>pkg:conan/[email protected]</purl>

This has different results and shows me 11 vulnerabilities.

What is causing the difference for the same version, but different package manager?

Steps to Reproduce

  1. Use <purl>pkg:github/qt/[email protected]</purl>
  2. Use <purl>pkg:conan/[email protected]</purl>

Expected Behavior

I am expecting the same results for the same version; the package manager shouldn't have any influence on the result.

Dependency-Track Version

4.12.2

Dependency-Track Distribution

Container Image

Database Server

N/A

Database Server Version

No response

Browser

Microsoft Edge

Checklist

beazt93 added the defect (Something isn't working) and in triage labels Jan 15, 2025