DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.58k stars, 541 forks

Portfolio Access Control: Wildcard Exclusion and/or Exclusion List (to enable "shaming") #1978

Open lsauer opened 1 year ago

lsauer commented 1 year ago

Currently there is only an inclusion-based Portfolio Access Control. However, my client thinks that for the enterprise it is best if you can see peer projects, so that everyone is incentivized to have non-vulnerable and audited Projects, driven by shame and competition.

And I concur with this analysis and agree with his logic. Only sensitive Projects would need to be excluded from a given Portfolio.

Current Behavior:

Inclusion List of Projects to be included in the Portfolio of a given Team

Proposed Behavior:

Exclusion List of Projects to be excluded from the Portfolio of a given Team. Default: included

mbuchner commented 1 year ago

+1

Especially the wildcard / regex part which is only mentioned in the headline!

It would be nice to have something like what we know from Jenkins (Role-based Authorization Strategy):

Team "customer": "(?i)customer1.*"

Team "other-customer": "(?i)other-customer.*"

so that we can name our dtrack projects accordingly and get them automatically assigned to the right team.
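To make the three access-control models discussed in this thread concrete, here is an added example in Python; it is not Dependency-Track's code and does not use its API. It models the current inclusion list, the proposed exclusion list (default: included), and the Jenkins-style regex assignment from the comment above, using the two patterns quoted there. The project names, the `sensitive` set and the helper names are constructed for the illustration. It also shows why the patterns must be anchored: evaluated as a full match (as Jenkins does) `(?i)customer1.*` assigns only the customer1 projects, whereas an unanchored search would also hand another team's `other-customer1-legacy` project to team "customer".

```python
import re

# Constructed sample portfolio; these are not real Dependency-Track projects.
PROJECTS = [
    "customer1-web",
    "Customer1-API",
    "other-customer-portal",
    "other-customer1-legacy",
    "internal-payroll",
    "shared-lib",
]

# Team -> regex, in the style of the Jenkins Role-based Authorization
# Strategy patterns quoted in the thread.
TEAM_PATTERNS = {
    "customer": r"(?i)customer1.*",
    "other-customer": r"(?i)other-customer.*",
}

# Constructed: projects that must stay hidden from every team regardless
# of what their name matches (the "sensitive projects" of the proposal).
SENSITIVE = frozenset({"internal-payroll"})


def inclusion_portfolio(team, projects, include):
    """Current behaviour: a team sees only the projects listed for it."""
    allowed = include.get(team, frozenset())
    return sorted(p for p in projects if p in allowed)


def exclusion_portfolio(team, projects, exclude):
    """Proposed behaviour: a team sees everything except its exclusion list."""
    hidden = exclude.get(team, frozenset()) | SENSITIVE
    return sorted(p for p in projects if p not in hidden)


def pattern_portfolio(team, projects, patterns, anchored=True):
    """Regex assignment: a team sees the projects whose name matches its pattern.

    anchored=True uses fullmatch (Jenkins semantics); anchored=False uses
    search, which is shown here only to expose the over-matching pitfall.
    """
    pat = re.compile(patterns[team])
    match = pat.fullmatch if anchored else pat.search
    return sorted(p for p in projects if match(p) and p not in SENSITIVE)


def unassigned(projects, patterns):
    """Projects no pattern claims: with regex assignment they stay invisible
    to every team (fail closed), so review this list after a rename."""
    compiled = [re.compile(p) for p in patterns.values()]
    return sorted(
        p for p in projects if not any(c.fullmatch(p) for c in compiled)
    )


if __name__ == "__main__":
    print("inclusion :", inclusion_portfolio("customer", PROJECTS,
                                             {"customer": {"customer1-web"}}))
    print("exclusion :", exclusion_portfolio("customer", PROJECTS,
                                             {"customer": {"shared-lib"}}))
    print("anchored  :", pattern_portfolio("customer", PROJECTS, TEAM_PATTERNS))
    print("unanchored:", pattern_portfolio("customer", PROJECTS, TEAM_PATTERNS,
                                           anchored=False))
    print("unassigned:", unassigned(PROJECTS, TEAM_PATTERNS))
```

The `unassigned` helper is the operational check a regex-based scheme needs: a project whose name drifts away from the naming convention silently matches no team and drops out of every portfolio, so the list should be empty (or intentionally non-empty) after each batch of renames.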