Comments (2)
sephiroth-j
commented on July 21, 2024
1
Projects created when the BOM is uploaded are automatically assigned to the team whose API key was used. This is therefore a one-off action. For existing projects, this is also a one-time action. For this reason alone, I don't think this is a valuable feature. Also, the team needs the "ACCESS_MANAGEMENT" permission to do this. This permission allows the management of users, teams and API keys, which is far too permissive and would undermine the purpose of controlling access to the portfolio.
from dependency-track-plugin.
malice00
commented on July 21, 2024
You are correct in that the team whose API key is used will be assigned the project, however in our setup there is only one such user/team -- it is the one configured globally in our jenkins. The other teams do not have API keys and their privileges inside of DT are only viewing their portfolio, viewing and analyzing vulnerabilities and policies.
And because the teams don't want to sent an e-mail to the DT-admins every time they create a new project or version, we were looking for a way to automatically (or at least in the teams' control) assign the projects to their portfolios.
For us this makes sense in this way, because everything is built around these teams -- all teams know their 'names' and roles and these are used all throughout our tooling (GIT, Jenkins; JIRA, etc).
I hope you reconsider and will accept this request and my PR for it...
from dependency-track-plugin.
Related Issues (20)
- Produce a report of the dependency track findings HOT 4
- Get Artifact from outside the workspace HOT 3
- Error was: Input length = 1 HOT 2
- Support threshold for "unnassigned" vulnerabilities HOT 1
- Add Support for Identification of Aliases HOT 8
- Dtrack-API with contextpath not accessible
- Implement Support for SBOM Quality Score Tool (sbomqs) HOT 2
- Using the dependency-track-plugin behind an (authenticating) proxy HOT 1
- Allow overrideGlobals to override Global timeout and interval settings.
- Explanation of upload error "Error was: Input length = 1 HOT 1
- I don't want to show Dependency-Track Project on Jenkins HOT 1
- HTTP 403 Forbidden, but curl works fine HOT 1
- Upload with Parent uuid does not work with 4.10.0 HOT 2
- Request Tier 2 Plugin for Dependency Track CloudBees HOT 1
- how to build the project HOT 1
- Update to Vue.js 3
- Fails if Dependencey Track API server returns Not Modified HOT 3
- sbom upload fails with "Input length = 1" after Jenkins upgrade HOT 1
- Set stage as unstable
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependency-track-plugin.