dependency-track

Add optional organization/group structure

Open stevespringett opened this issue 4 years ago • 8 comments

Current Behavior:

The portfolio metrics are root level. All projects are directly in the root.

Proposed Behavior:

Add optional project organizational/group assignment where a project is a member of 0 or 1 organizations or groups. Not sure what the exact term should be.

stevespringett avatar Apr 13 '20 19:04 stevespringett

Would this cover tags? A collection of (say) 10 projects with tag team-denver is a "group" (from the user's perspective) and should have metrics that are specific to the tag.

msymons avatar Apr 15 '20 08:04 msymons

I think tags are a different use case. This ticket is to virtually separate projects into various groups and eventually have the system be able to apply different policies and access control to the various groups. Business units, partial portfolio responsibilities, etc, are the intended uses.

stevespringett avatar Apr 15 '20 15:04 stevespringett

The use case of tags is interesting and it may be possible to do something like that in the future once DT migrates away from a relational database. Graphs are its future, and doing those types of queries would be elementary with a graph and a lot more complex with RDBMS.

stevespringett avatar Apr 15 '20 15:04 stevespringett

Will this functionality cover a use case where, for example, a web application has a production environment plus a number of pre-prod copies (let's say ST & UAT) used for various testing purposes? At the moment, if I'm not missing anything, the only way to represent all three in DT is to create three projects "${APP_NAME} Prod", "${APP_NAME} UAT" & "${APP_NAME} ST". Would it be possible to represent all of them as a single group or using another term but in a grouped way?

RoSk0 avatar Apr 30 '21 02:04 RoSk0

For us this feature would help us organize projects per client. We have 100+ clients and 1000+ projects. Ideally we would organize the projects per client, and also assign permissions per client, i.e. a new top level of "Project Group" would solve this. Or it could be that there can be multiple portfolios within the same DT instance and projects could be grouped into portfolios.

valentijnscholten avatar Sep 30 '21 10:09 valentijnscholten

I think this can be tackled now using the new parent-child views we introduced in https://github.com/DependencyTrack/frontend/pull/328.

Basically, my idea posted here https://github.com/DependencyTrack/dependency-track/issues/2041 could be used for this. While my idea only covers the data shown in the project list so far, it could also be extended so that those "Collection" projects (anyone got a better name maybe?), instead of giving component lists etc., could show some view with metrics about this collection's children.

@stevespringett @nscuro would this work for you?

rkg-mm avatar Dec 07 '22 16:12 rkg-mm

Hi,

I stumbled on the same problem. I think what we need here is a new type of Project Classifier, called, let's say, "Organization Unit". When a new project is created with such a classifier, it will not allow adding/removing any components directly to it. It will only be used to properly organize the structure of Systems, Subsystems and Products. Such a classifier would aggregate all Metrics, Audits and Policy Violations of all child elements connected to it.


ryhoo2 avatar Jan 15 '24 16:01 ryhoo2

@ryhoo2 I think your ask is covered by @rkg-mm's PR #3258.

nscuro avatar Jan 15 '24 16:01 nscuro