Currently Dependency Track removes 'properties' -fields from the uploaded sbom-file's 'component' -items. Could this be changed?

[ilarikilkki]

Current Behavior

In our case we have included the file paths of various components into the 'properties' -field of each component in the sbom-file.

After uploading the sbom-file to DT and downloading the file back, the 'properties' -fields have been removed from it.

Proposed Behavior

Do not remove 'properties' -fields from uploaded sbom-files. Having the option to view the contents of 'properties' -fields in Dependency Track's User Interface next to the found vulnerabilities would make it a lot easier to locate the vulnerable dependencies in our repositories.

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested

[nscuro]

What version of DT are you using? Support for component properties was added in v4.11.