
Releases: jenkinsci/dependency-track-plugin

v5.2.0

08 Dec 16:40

⚠ Breaking

⭐ New Features

🐞 Bugs Fixed

v5.1.0

20 Sep 16:21

⚠ Breaking

⭐ New Features

  • Support for specifying the parent project using its name and version as an alternative to its ID (#261)
  • Include artifact name in Publishing Logline (#264)
  • Support for Policy Violations (#130)

🐞 Bugs Fixed

v5.0.0

30 May 17:58
81ad464

⚠ Breaking

  • require Jenkins 2.440.1 or newer
  • require Java 11 or newer (required since Jenkins 2.361.1)
  • require Dependency-Track 4.9 or newer
  • New findings are only evaluated from the second build onwards (#113)

⭐ New Features

  • Allow overrideGlobals to override global timeout and interval settings (#182)
  • Use the proxy that is configured in Jenkins (#181)
  • Support threshold for unassigned findings (#158)
  • Supports HTTP/2
  • In the event of an unexpected exception, each call to Dependency-Track is retried within a uniformly distributed, randomly generated period in the range of 50-500ms.
  • A warning is emitted when threshold values are configured but synchronous mode is disabled.
  • Add Support for Identification of Aliases ... by ignoring them (#168)

🐞 Bugs Fixed

  • The settings for the threshold values are now only visible when synchronous mode is enabled. This will hopefully avoid misunderstandings/misconfigurations.

v4.3.1

12 Apr 19:08
e72ed66

⚠ Breaking

⭐ New Features

🐞 Bugs Fixed

  • Remove usages of l:css (#160)

v4.3.0

20 Feb 19:03
95e4168

⚠ Breaking

⭐ New Features

  • Added support for parent-child-relationships of projects with Dependency-Track v4.7 and newer (fixes #139)

🐞 Bugs Fixed

v4.2.0

04 Jul 19:05
bdeb33a

⚠ Breaking

⭐ New Features

  • The connection test will also check server-side permissions for Dependency-Track v4.4 and newer (fixes #13)

🐞 Bugs Fixed

  • classic jobs with sync mode and no project ID used the looked-up ID in future runs, although they should not (fixes #98)
  • When using "New Findings" thresholds, the plugin now looks for the latest successful build with a report instead of just the previous build with the report. (PR #106)

v4.1.1

06 Mar 22:16
d5d788d

⚠ Breaking

⭐ New Features

🐞 Bugs Fixed

  • The options "Dependency-Track project name" and "Dependency-Track project version" were only visible after saving and reloading the configuration page, although the global configuration "Auto Create projects" was set.
  • Fixed an issue with "Dependency-Track project" in classic (freestyle) jobs and Jenkins 2.319 LTS that caused the value to be "null" instead of empty, resulting in upload errors. Affected users should edit and save the job after updating to this plugin version.

v4.1.0

28 Feb 18:47
84d708f

⚠ Breaking

none

⭐ New Features

  • allow specifying tags that should be set for the project (fixes #12)
  • allow specifying SWID and group that should be set for the project (fixes #50)
  • allow specifying a description that should be set for the project

🐞 Bugs Fixed

  • Analysis result information not shown when CSRF Protection is turned off (fixes #73)
  • The threshold for new findings used the last build, even though it may not have had a Dependency-Track analysis result.

v4.0.0

29 Aug 12:27

⚠ Breaking

  • minimum required Jenkins version is now 2.289.2

⭐ New Features

  • replaced inline JavaScript ... one step closer to compatibility with the CSP header
  • add 'min' values in field definitions of forms
  • uses modern div-layout for threshold level settings section
  • Clicking on the x-axis label (the job number) of the trend graph will take you directly to the full report.
  • added German translation
  • display report summary on build run page containing the number of severities found

🐞 Bugs Fixed

  • enforce Job/read permission in order to read the analysis results for a build run and the trend data on the project page
  • configured threshold levels in classic jobs were empty in the UI after saving them and reloading the config page. Saving them again resulted in the deletion of previous non-empty values.

v3.1.1

30 Mar 16:55

🐞 Bugs Fixed

  • SECURITY-2250. Thanks to Justin Philip for reporting this issue.