Ability to create a policy condition based on "Age of latest version"

### Current Behavior

We are trying to implement an "out-of-date" policy for open source components with these rules:

1. The component in use must not be older than 2 years.
2. The latest available (upstream) version of the component must not be older than 1 year.

With this we hope to accomplish a mix of allowing old and stable versions (with no known vulnerabilities) but be alerted if the project is not longer being actively developed (meaning no future fixes if a vulnerability is found).

### Proposed Behavior

A possibility to make policy conditions based on when the latest version of a component was released.

### Checklist

- [x] I have read and understand the [contributing guidelines](https://github.com/DependencyTrack/dependency-track/blob/master/CONTRIBUTING.md#filing-issues)
- [x] I have checked the [existing issues](https://github.com/DependencyTrack/dependency-track/issues) for whether this enhancement was already requested

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Ability to create a policy condition based on "Age of latest version" #5290

Current Behavior

Proposed Behavior

Checklist

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Ability to create a policy condition based on "Age of latest version" #5290

Description

Current Behavior

Proposed Behavior

Checklist

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions