History with custom metadata and filtering for enterprise customers

[matteotumiati]

Is your feature request related to a problem? Please describe. Looking at the history, I think there could be improvements to support the enterprise scenario.

I currently have a customer that has roughly 200 repositories (each one representing a microservice and with - at least - an Helm chart). I created a workflow to scan with datree, but the thing is I don't see any metadata to create comprehensive reports to my managers about the security status.

Describe the solution you'd like

• In the CLI or in the GitHub Action or whatever, I need to be able to send out some metadata like the name of the repository, the version of the Helm Chart I'm analyzing, other custom tags (date, name of the team developing the microservice and more).
• In the History page in the webapp, have the possibility to export the data using REST APIs
• In the History page in the webapp, have the possibility to filter the data by tags, repositories and see the relevant information about each scan (i.e. the version number)

Describe alternatives you've considered I cannot come up with alternatives right now as I'm in an evaluation phase with my customer. However this is a potential blocker to switch to Datree if we're unable to create reports at solution level (covering all the services I'm scanning) and at team level (only a subset of the scans).

[adifayer]

Thanks for your feedback, you raised great points and I totally see the value of each :) Regarding history export- what exactly do you expect to export? a copy of the content presented in the dashboard? or perhaps a copy of the CLI output with a specific format (json/yaml/etc.)?

[matteotumiati]

I would say it depends on what I need to export 😄

In my scenario, I have:

• Multiple products, being develop by different teams
• Each team has multiple repositories with multiple Kubernetes files to be scanned

Exporting could be more or less detailed and showing different data depending on the level I'm interested in.

For example:

• At single repository level, probably I'm a developer/security expert within the team and I'm interested in understanding what is the outcome of the scan, if there are security concerns I need to investigate and so on... basically what's available today
• At team level, I need to have somehow aggregated data of all the scans that are related to my repositories. In this case I could be the product owner of the team, more than the developer/security expert, and I need to present my managers how the set of microservices my team is building is looking. All the data it's available today works great, but I think in this case we also need trends repository by repository and overall, to monitor closely the situation. Perhaps just knowing which "issues" are more frequent rather than showing all the technical details would be better
• At product level, then I need to aggregate even more data because I'm probably grouping more teams together and I need a comprehensive understanding of what's happening. Here is more about which team is "behaving better than the others", so that as a business manager I know where we should be focusing our engineering effort in the coming future

Higher we go, less technical details we need and more charts we need. I don't want to talk about KPIs specifically, but that could also be another important point 😄