Comments (4)
API key is a secret, therefore should not be visible. Please don't...
from dependency-track.
I think an 'eye' icon to toggle between masked and unmasked can be helpful. Currently if the apikey field is empty in the database, it looks the same as a valid apikey (and the same as an invalid API key). I've seen the OSS API key getting corrupted over time; the same might be true for the NVD API key. Also we sometimes see caching issues with DataNucleus.
On the other hand you can probably just modify the DOM to make it visible.
@rkg-mm secret? The API Key is for free and everybody can get it. What can you make worse when someone gets the key? Correct: nothing. At the moment I have only one admin user in my DT instance. And my opinion is: "The API Key should be readable for the admin."
The idea with the 'eye' sounds good. Thx for the tip with the DOM. I didn't try this. ;)