how to properly configure dependencytrack architecture #3858
Unanswered
evyaroshevich asked this question in Q&A
Hi. Can you advise on the best way to properly organize the architecture/structure of projects in DependencyTrack?
I use the addition of SBOM files through the CI/CD pipeline in my company. I immediately encountered the problem of mixing projects and inconvenient visual representation. After that, I created a parent project as an empty project, and into it, I already laid out the child projects with versions. My scheme now looks like this:
Project A (empty)
• project A ver 1
• project A ver 2
• project A ver 1 image
Project B (empty)
• project B ver 1
• project B ver 2
• etc.
But over time, projects grow with their versions, and often the SBOM file does not change (constant assembly of the CI/CD pipeline), resulting in duplicate projects.
And so the main question is: how to organize the architecture and clean up projects?
I would be grateful for any advice on optimizing the dependency check process.