Issues uploading a BOM

[khaledgithubwl]

Current Behavior

Hello,

We encountered an issue while attempting to upload a BOM into Dependency Track. Although our request returned a 200 status, we noticed that nothing was actually uploaded. Upon reviewing the logs, we found the following error:

ERROR [alpine.event.framework.LoggableUncaughtExceptionHandler] An unknown error occurred in an asynchronous event or notification thread
java.lang.NoClassDefFoundError: org/dependencytrack/model/ComponentProperty$Identity
at org.dependencytrack.parser.cyclonedx.util.ModelConverter.lambdasconvertToComponentProperties$2(ModelConverter.java:274)

The problem was resolved after restarting Dependency Track. Could anyone provide insight into why this error occurred?

Best regards,

Steps to Reproduce

I don't know

Expected Behavior

The BOM will either be uploaded successfully, or an error status code (not 200) will be displayed.

Dependency-Track Version

4.11.x

Dependency-Track Distribution

Executable WAR

Database Server

PostgreSQL

Database Server Version

No response

Browser

Google Chrome

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this defect was already reported

[nscuro]

This happens because the embedded Jetty extracts the WAR's contents to /tmp, and some OS automatically wipe the /tmp directory. This is not an issue for containerized deployments, but since you're deploying on bare metal, it is in your case.

See also the FAQ:

Dependency Track stops working after 1-2 weeks

This might happen if your OS cleans-up temp storage without checking for open files. This has been observed with Windows and CentOS. Deleting temporary files is a problem for the embedded Jetty server used by Dependency Track. When launching Dependency Track, try adding -Djava.io.tmpdir=/path/to/tmpdir to the command and specify an alternative path to where you want DT temp files to reside.