DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Limit notifications to portfolio(s) instead of/alongside projects #3973

Open malice00 opened 3 months ago

malice00 commented 3 months ago

Current Behavior

Currently, notifications can only be limited to projects. This means that any new project has to be added to the notification manually (unless no limits are set, of course). Since this can only be done by a user with administrative permissions, this is a rather involved process and takes more time than it really should.

Proposed Behavior

It would be good to be able to limit notifications to a portfolio, so that any new projects in the portfolio are automatically picked up. Seeing that (at least for the mail notification) it is already possible to send it to a specific team, maybe there it could even be the default -- seeing how a team should only see their own portfolio.

Checklist

msymons commented 3 months ago

@malice00, PR #3506 (scheduled for inclusion in v4.12.0 release) adds functionality whereby notifications can be filtered by tag.

I believe that this will address your need. Do you agree?

malice00 commented 3 months ago

@msymons, it might be usable as a workaround, but it does mean that we have to go through all our current projects to set tags on them... Also, what happens when 2 teams use the same tag on their projects? I feel portfolios are the more 'secure' way to make sure our teams only get notifications on their own projects...