You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey. First of all. Thank you for creating Dependency-Track, it has for certain made visualizing security risks across IT-fields and security, a different ballgame; Going from opinions, to actual facts makes the conversations and solving the issues more goal oriented.
Secondly. I'm not entirely sure how important it is to use the package repository directly or if it's just the meta files that are the goal. Still learning the ropes in dependency-track, so it's highly likely I've misunderstood something.
Current Behavior:
Currently the repository assumes any repository does not require username and password. This is a problem if you want to use an internal package repository that require permission. The internal package repository, might be an internal package proxy.
Proposed Behavior:
Add username and password to the Create / Edit repository view.
Why is this a feature that we're looking for?
Having to make sure that every source is available for dependency-track, instead of just pointing to the same package repository source as the developers use, makes it an extra point of failure. Also there's the matter of the network infrastructure in an enterprise. It's preferable that all package repository requests goes through the same package proxy (in our case ProGet and Artifactory).
The text was updated successfully, but these errors were encountered:
Hey. First of all. Thank you for creating Dependency-Track, it has for certain made visualizing security risks across IT-fields and security, a different ballgame; Going from opinions, to actual facts makes the conversations and solving the issues more goal oriented.
Secondly. I'm not entirely sure how important it is to use the package repository directly or if it's just the meta files that are the goal. Still learning the ropes in dependency-track, so it's highly likely I've misunderstood something.
Current Behavior:
Currently the repository assumes any repository does not require username and password. This is a problem if you want to use an internal package repository that require permission. The internal package repository, might be an internal package proxy.
Proposed Behavior:
Add username and password to the Create / Edit repository view.
Why is this a feature that we're looking for?
Having to make sure that every source is available for dependency-track, instead of just pointing to the same package repository source as the developers use, makes it an extra point of failure. Also there's the matter of the network infrastructure in an enterprise. It's preferable that all package repository requests goes through the same package proxy (in our case ProGet and Artifactory).
The text was updated successfully, but these errors were encountered: