`/api/v1/vulnerability/project/<UUID>` endpoint does not support pagination

[grumpy-miner]

Current Behavior

Using utilising api endpoint /api/v1/vulnerability/project/{project_id} offset query parameter doesn't work.
Changing offset parameter doesn't change output from endpoint.

Tested as well with query parameters limit & page and pageNumber & pageSize

When using offset query parameter in endpoint /api/v1/component/project/{project_id} endpoint works as expected.

Steps to Reproduce

1. Create project
2. Upload SBOM file containing components having vulnerabilities
3. Call /api/v1/vulnerability/project/{project_id} with offset=0
4. Call /api/v1/vulnerability/project/{project_id} with offset=1
5. Compare response

Expected Behavior

If project contains vulnerabilities then response from third and fourth step should be different

Dependency-Track Version

4.8.2

Dependency-Track Distribution

Container Image

Database Server

N/A

Database Server Version

No response

Browser

N/A

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this defect was already reported

[nscuro]

Thanks for reporting @grumpy-miner!

Indeed this endpoint does not currently support pagination. I stumbled over this very recently, too.

---

Note to whoever ends up implementing this:

We touched the query code for this endpoint in hyades-apiserver already, because the original implementation performed very poorly when many projects had to be loaded. Adding pagination to this implementation should be a lot easier.

[tlameira-keep]

hello, any new related to this issue?