Current Behavior

A BOM that is uploaded to Dependency-Track at time X will result in "Last BOM Import" timestamp (displayed on projects page and also on overview tab for individual projects) with value time X.

The "Last BOM Import" column on the projects page is sortable and this is very useful for quickly seeing which projects in the portfolio have not had a recenet upload. eg, when a nightly build is failing.

However, knowing when a BOM was uploaded does not tell you anything at all about when the BOM was generated. The timestamp of the BOM might be months older than "Last BOM Import".

Proposed Behavior

• Add support for recording BOM timestamp in database.
• Display BOM timestamp in column on projects page. The column should be sortable (or it will not really be usable) and should not be displayed by default... even users who value the data might not want to have it cluttering their UI all the time.

Caveats

• Does implementation have to factor in impact of future integration of BOM repository server, where a project might have a history of BOMs, each wth its' own unique timestamp.
• What about merged BOMs, where (say) two BOMs that are a month old get merged today, prior to upload to DT?

Notes

This enhancement is inspired by #2774. It is intended as an MVP for dealing with BOM age. In broad terms this MVP is easy to implement and requires no design thought about exactly how to rate the risk of an old BOM... but leaves the door open to later implementation of the linked issue.

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested