DependencyTrack#4620 add "lastVulnerabilityAnalysis" to project

stohrendorf · stohrendorf · commit 4eed6c50bdc1 · 2025-02-12T17:50:57.000+01:00
Signed-off-by: Steffen Ohrendorf &lt;steffen.ohrendorf@gmx.de&gt;
diff --git a/src/main/java/org/dependencytrack/model/Project.java b/src/main/java/org/dependencytrack/model/Project.java
@@ -291,6 +291,14 @@ public enum FetchGroup {
     @Column(name = "LAST_RISKSCORE", allowsNull = "true") // New column, must allow nulls on existing databases))
     private Double lastInheritedRiskScore;
 
+    /**
+     * Convenience field which will contain the date of the last vulnerability analysis of the {@link Bom} components
+     */
+    @Persistent
+    @Column(name = "LAST_VULNERABILITY_ANALYSIS", allowsNull = "true")
+    @Schema(type = "integer", format = "int64", requiredMode = Schema.RequiredMode.NOT_REQUIRED, description = "UNIX epoch timestamp in milliseconds")
+    private Date lastVulnerabilityAnalysis;
+
     @Persistent
     @Column(name = "ACTIVE", defaultValue = "true")
     @JsonSerialize(nullsUsing = BooleanDefaultTrueSerializer.class)
@@ -540,6 +548,14 @@ public void setLastBomImportFormat(String lastBomImportFormat) {
         this.lastBomImportFormat = lastBomImportFormat;
     }
 
+    public Date getLastVulnerabilityAnalysis() {
+        return lastVulnerabilityAnalysis;
+    }
+
+    public void setLastVulnerabilityAnalysis(Date lastVulnerabilityAnalysis) {
+        this.lastVulnerabilityAnalysis = lastVulnerabilityAnalysis;
+    }
+
     public Double getLastInheritedRiskScore() {
         return lastInheritedRiskScore;
     }
diff --git a/src/main/java/org/dependencytrack/tasks/VulnerabilityAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/VulnerabilityAnalysisTask.java
@@ -52,6 +52,7 @@
 import javax.jdo.Query;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.UUID;
@@ -178,6 +179,8 @@ private void analyzeProject(
                 qm.getPersistenceManager().evictAll(false, Component.class);
                 components = fetchNextComponentBatch(qm, project, components.getLast().getId());
             }
+
+            project.setLastVulnerabilityAnalysis(new Date());
         } finally {
             projectLock.unlock();
         }
diff --git a/src/test/java/org/dependencytrack/tasks/VulnerabilityAnalysisTaskTest.java b/src/test/java/org/dependencytrack/tasks/VulnerabilityAnalysisTaskTest.java
@@ -160,6 +160,8 @@ public void shouldAnalyzeProject() {
         // For analysis of individual projects, metrics updates are expected to
         // be initiated via event chaining.
         assertThat(EVENTS).isEmpty();
+
+        assertThat(qm.getProject("acme-lib", "2.0.0").getLastVulnerabilityAnalysis()).isNotNull();
     }
 
     @Test

Original file line number	Diff line number	Diff line change
`@@ -160,6 +160,8 @@ public void shouldAnalyzeProject() {`
`160`	`160`	`// For analysis of individual projects, metrics updates are expected to`
`161`	`161`	`// be initiated via event chaining.`
`162`	`162`	`assertThat(EVENTS).isEmpty();`
	`163`	`+`
	`164`	`+ assertThat(qm.getProject("acme-lib", "2.0.0").getLastVulnerabilityAnalysis()).isNotNull();`
`163`	`165`	`}`
`164`	`166`
`165`	`167`	`@Test`