Open nscuro opened 3 years ago
This functionality would be very useful for developers that are working on feature branches, who might need a confirmation that all is looking OK before they create a PR.
I would expect that it would be possible for (say) the Jenkins DT plugin to display a report in Jenkins (albeit without a link to the project in DT because the project/version would not exist).
Today we struggle to manage multi-branch scanning with Dependency Track and we are obliged to suggest that teams manage several DT-projects for the same repository: create at least 1 project for the production-ready branch to keep the tracked metrics stable and another one for development branches. Having multiple branch management in a single DT project would be a valuable feature for a lot of teams :)
Hi, any news on this high value-added feature? Because we're thinking more and more about building our own scripts for branch management, but it would be a shame to throw it all away if this feature is delivered soon :) Thank you!
No definitive progress here. But we appreciate there's great interest in it, and in fact we eagerly want it too!
We have some related efforts ongoing that will lay the groundwork to enable this feature though, stay tuned 🚧
Hello @nscuro, do you have any news regarding the branch management feature? Is it something you are planning on implementing soon? If yes, can you tell us if it will be based on the Hierarchical Project Relationship feature?
Best Regards,
Also keen to have this feature implemented.
Would be great to see this feature!
Current Behavior:
In order to scan components for vulnerabilities, users have to create a project first. Projects are great for continuously scanning components, but they're too heavyweight for use cases where only a single scan is desired.
Proposed Behavior:
Dependency-Track should support ad-hoc vulnerability scanning of components in a given uploaded BOM, without creating a project for it.
This is related to #374. But instead of having to check each component individually, uploading a BOM should suffice.