Standardize config property names and remove legacy shims #6215

Merged
nscuro merged 1 commit into DependencyTrack:main from nscuro:standardize-configprop-names
May 31, 2026
@nscuro nscuro commented May 31, 2026

Description

  • Ensures that all properties follow a consistent naming and format pattern.
  • Removes shim for legacy alpine.* or unprefixed properties.
  • Renames VulnerabilityAnalysisTask to PortfolioAnalysisTask as it better reflects what it does (i.e. schedule analyses for all projects in the portfolio).
  • Adds validation during startup to catch misconfigurations early.

Not great to do this in the RC phase, but better now than post GA.

Addressed Issue

N/A

Additional Details

Docs PR: DependencyTrack/docs#114

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have updated the migration changelog accordingly
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly
  • This PR is a substantial change (per the ADR criteria), and I have added an ADR under docs/adr/

@nscuro nscuro added this to the 5.0 milestone May 31, 2026
Copilot AI review requested due to automatic review settings May 31, 2026 22:31
owasp-dt-bot commented May 31, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

codacy-production Bot commented May 31, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

🟢 Metrics 40 complexity · 2 duplication

| Metric | Results |
|---|---|
| Complexity | 40 |
| Duplication | 2 |

🟢 Coverage 94.74% diff coverage

| Metric | Results |
|---|---|
| Coverage variation | Report missing for c44b099 [1] |
| Diff coverage | 94.74% diff coverage (70.00%) |

Coverage variation details

| | Coverable lines | Covered lines | Coverage |
|---|---|---|---|
| Common ancestor commit (c44b099) | Report Missing | Report Missing | Report Missing |
| Head commit (a889a87) | 41687 | 35896 | 86.11% |

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

| | Coverable lines | Covered lines | Diff coverage |
|---|---|---|---|
| Pull request (#6215) | 190 | 180 | 94.74% |

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

[1] Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.

Copilot AI left a comment

Pull request overview

This PR standardizes Dependency-Track configuration property names, removes legacy fallback shims, adds startup validation for legacy properties, and renames the portfolio-wide analysis task to better reflect its purpose.

Changes:

  • Renames many config keys to canonical dt.* forms across application defaults, tests, dev tooling, and runtime lookups.
  • Removes LegacyPropertyFallbackCustomizer and introduces LegacyConfigPropertyValidator.
  • Renames VulnerabilityAnalysisTask to PortfolioAnalysisTask and switches task scheduling to explicit config key constants.

Reviewed changes

Copilot reviewed 45 out of 45 changed files in this pull request and generated 1 comment.

| File | Description |
|---|---|
| apiserver/src/main/java/org/dependencytrack/Application.java | Wires startup legacy config validation and renamed init-task keys. |
| apiserver/src/main/java/org/dependencytrack/common/ConfigKeys.java | Defines standardized config key constants. |
| apiserver/src/main/java/org/dependencytrack/common/HttpClient.java | Switches HTTP connect timeout config to milliseconds. |
| apiserver/src/main/java/org/dependencytrack/common/LegacyConfigPropertyValidator.java | Adds startup validation for legacy config names. |
| apiserver/src/main/java/org/dependencytrack/dev/DevServices.java | Updates dev-services config key references. |
| apiserver/src/main/java/org/dependencytrack/dex/DexEngineDatabaseMigrationInitTask.java | Renames init task identifier. |
| apiserver/src/main/java/org/dependencytrack/dex/DexEngineInitializer.java | Updates Dex and temporary notification config keys. |
| apiserver/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java | Updates telemetry default config key lookup. |
| apiserver/src/main/java/org/dependencytrack/persistence/DatabaseMigrationInitTask.java | Renames database migration init task identifier. |
| apiserver/src/main/java/org/dependencytrack/persistence/DatabasePartitionMaintenanceInitTask.java | Renames partition maintenance init task identifier. |
| apiserver/src/main/java/org/dependencytrack/persistence/DatabaseSeedingInitTask.java | Renames database seeding init task identifier. |
| apiserver/src/main/java/org/dependencytrack/policy/vulnerability/SyncVulnPolicyBundleActivity.java | Updates vulnerability policy bundle config keys. |
| apiserver/src/main/java/org/dependencytrack/tasks/PortfolioAnalysisTask.java | Renames portfolio analysis task class and logger. |
| apiserver/src/main/java/org/dependencytrack/tasks/TaskSchedulerInitializer.java | Uses explicit standardized task cron config keys. |
| apiserver/src/main/java/org/dependencytrack/util/TaskUtil.java | Removes class-name-derived task config lookup. |
| apiserver/src/main/resources/application-dev.properties | Updates telemetry dev config key. |
| apiserver/src/main/resources/application.properties | Updates default application config property names and docs. |
| apiserver/pom.xml | Updates dev-services system property name. |
| apiserver/src/test/java/org/dependencytrack/common/HttpClientTest.java | Updates timeout test config to milliseconds. |
| apiserver/src/test/java/org/dependencytrack/common/LegacyConfigPropertyValidatorTest.java | Adds tests for legacy config validation. |
| apiserver/src/test/java/org/dependencytrack/policy/vulnerability/SyncVulnPolicyBundleActivityTest.java | Updates vulnerability policy bundle test config keys. |
| apiserver/src/test/java/org/dependencytrack/tasks/PortfolioAnalysisTaskTest.java | Updates renamed portfolio analysis task test. |
| alpine/alpine-common/src/main/java/alpine/common/util/ProxyUtil.java | Updates proxy host config key usage. |
| alpine/alpine-common/src/main/java/alpine/config/AlpineConfigKeys.java | Renames Alpine config constants to canonical names. |
| alpine/alpine-common/src/main/resources/META-INF/microprofile-config.properties | Updates Alpine default config property names. |
| alpine/alpine-common/src/test/java/alpine/common/util/ProxyUtilTest.java | Updates proxy config key in tests. |
| alpine/alpine-server/src/main/java/alpine/server/auth/LdapAuthenticationService.java | Updates LDAP attribute config reference in warning. |
| alpine/alpine-server/src/main/java/alpine/server/auth/LdapConnectionWrapper.java | Updates LDAP config key references and docs. |
| alpine/alpine-server/src/main/java/alpine/server/auth/OidcAuthenticationService.java | Updates OIDC default teams config key. |
| alpine/alpine-server/src/test/java/alpine/server/auth/LdapAuthenticationServiceTest.java | Updates LDAP test config key constants. |
| alpine/alpine-server/src/test/java/alpine/server/auth/OidcAuthenticationServiceTest.java | Updates OIDC default teams test config key. |
| common/config/src/main/java/org/dependencytrack/common/config/ConfigPropertyRelocateCustomizer.java | Updates relocated SmallRye config log key. |
| common/config/src/main/java/org/dependencytrack/common/config/LegacyPropertyFallbackCustomizer.java | Removes legacy config fallback shim. |
| common/config/src/main/resources/META-INF/services/io.smallrye.config.SmallRyeConfigBuilderCustomizer | Removes fallback customizer service registration. |
| common/config/src/test/java/org/dependencytrack/common/config/LegacyPropertyFallbackCustomizerTest.java | Removes tests for deleted fallback shim. |
| common/init/src/main/java/org/dependencytrack/init/InitTaskExecutor.java | Updates init-task enablement property pattern. |
| dev/compose.yaml | Updates development compose environment variable names. |
| dev/scripts/dbschema-generate.sh | Updates standalone migration config property. |
| docs/adr/020-flyway-migrations.md | Updates ADR references to renamed init-task exit property. |
| e2e/src/test/java/org/dependencytrack/e2e/AbstractE2ET.java | Updates bcrypt rounds environment variable. |
| e2e/src/test/java/org/dependencytrack/e2e/BomProcessedNotificationDelayedE2ET.java | Updates delayed notification environment variable. |
| e2e/src/test/java/org/dependencytrack/e2e/VulnerabilityPolicyE2ET.java | Updates vulnerability policy bundle environment variable. |
| file-storage/provider-local/src/main/java/org/dependencytrack/filestorage/local/LocalFileStorageProvider.java | Updates local storage compression config key. |
| file-storage/provider-s3/src/main/java/org/dependencytrack/filestorage/s3/S3FileStorageProvider.java | Updates S3 credential and compression config keys. |
| file-storage/provider-s3/src/test/java/org/dependencytrack/filestorage/s3/S3FileStorageTest.java | Updates S3 storage test config keys. |

* Ensures that all properties follow a consistent naming and format pattern.
* Removes shim for legacy `alpine.*` or unprefixed properties.
* Renames `VulnerabilityAnalysisTask` to `PortfolioAnalysisTask` as it better reflects what it does (i.e. schedule analyses for all projects in the portfolio).
* Adds validation during startup to catch misconfigurations early.

Not great to do this in the RC phase, but better now than post GA.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro force-pushed the standardize-configprop-names branch from 0bc74c6 to a889a87 Compare May 31, 2026 22:45
@nscuro nscuro merged commit 74bb7a6 into DependencyTrack:main May 31, 2026
16 checks passed
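
The startup validation described in this PR, sketched as an added example; it is not Dependency-Track's `LegacyConfigPropertyValidator`, whose source does not appear on this page. With the fallback shim gone, a setting left under a legacy name would otherwise be ignored without notice, so the check reports every offender and aborts. The class and method names are hypothetical, the sample property names are constructed, and matching environment-variable spellings through the MicroProfile Config name mapping is an assumption.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.stream.Collectors;

/** Hypothetical fail-fast check; not the project's own validator. */
public class LegacyConfigCheck {

    // MicroProfile Config env-var mapping: non-alphanumerics become '_', then upper-case.
    static String envForm(String name) {
        return name.replaceAll("[^A-Za-z0-9_]", "_").toUpperCase(Locale.ROOT);
    }

    /** Returns every configured name that is legacy, mapped to the reason it was flagged. */
    static Map<String, String> findLegacy(Iterable<String> configured, Set<String> legacyUnprefixed) {
        Set<String> legacyEnv = legacyUnprefixed.stream()
                .map(LegacyConfigCheck::envForm)
                .collect(Collectors.toSet());
        Map<String, String> hits = new TreeMap<>();
        for (String name : configured) {
            String env = envForm(name);
            if (env.startsWith("ALPINE_")) {
                hits.put(name, "legacy alpine.* prefix");
            } else if (legacyEnv.contains(env)) {
                hits.put(name, "legacy unprefixed name");
            }
        }
        return hits;
    }

    static void validate(Iterable<String> configured, Set<String> legacyUnprefixed) {
        Map<String, String> hits = findLegacy(configured, legacyUnprefixed);
        if (!hits.isEmpty()) {
            // Report all offenders at once so a single restart is enough to fix them.
            throw new IllegalStateException("Legacy config property names found: " + hits);
        }
    }

    public static void main(String[] args) {
        // Constructed sample names, not real Dependency-Track properties.
        List<String> configured = List.of(
                "dt.example.timeout-ms", "alpine.example.enabled",
                "ALPINE_EXAMPLE_ROUNDS", "example.unprefixed.url");
        Set<String> legacyUnprefixed = Set.of("example.unprefixed.url");
        try {
            validate(configured, legacyUnprefixed);
        } catch (IllegalStateException e) {
            System.err.println("startup aborted: " + e.getMessage());
        }
    }
}
```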