dependency-track icon indicating copy to clipboard operation
dependency-track copied to clipboard
verified publisher icon DependencyTrack

versionless url for badge

Open davidkarlsen opened this issue 5 years ago • 3 comments

https://docs.dependencytrack.org/integrations/badges/

Current Behavior:

You need to hardcode version (or UUID - which changes by version (!)) in the url for the badge - it would be more convenient to have an url for latest version.

Proposed Behavior:

Just point at name and get semver latest version (or latest scanned version) - this way the url can be stable in READMEs etc.

davidkarlsen avatar Feb 08 '20 23:02 davidkarlsen

Related to #378.

To support this, semver detection and ordering needs to be implemented. There are no requirements for semver support. So ordering products that follow other versioning conventions would obviously lead to issues.

stevespringett avatar Feb 09 '20 06:02 stevespringett

This got me thinking... would it help to extend badge functionality to implement a badge for tags? Obviously, this type of badge would have to cater for usage in multiple projects (not double-counting, etc) but it could be useful in it's own right for (say) allowing a team to display team metrics in Confluence, etc.

msymons avatar Feb 12 '20 16:02 msymons

One approach would be to support some well-known versioning schemes such as Semver or Maven and add a property to each project that specifies the type of versioning used for that project. Once the versioning scheme is known, projects with the same name can be sorted by their versioning scheme.

sephiroth-j avatar Jun 09 '22 18:06 sephiroth-j