devguard icon indicating copy to clipboard operation
devguard copied to clipboard
verified publisher icon l3montree-dev

“Federation": Connection between DevGuard instances for syncing projects

Open seb-kw opened this issue 9 months ago • 1 comments

TBD 🧐

There was feedback from which we could deduce that it could be a very exciting feature to make DevGuard instances sync-capable. We currently offer links to the SBOM and the VeX for one project/asset. Adapting this, it would be cool if I could have a kind of mirror of the project in another DevGuard instance, paste the link and sync the projects.

Expansion stage 1 would be something like a read-only mirror. Another organization can, for example, track the work of a supplier using DevGuard in its own instance.

Expansion stage 2 would be something like a bidirectional connection via which the organization can work together with a supplier on a project.

This feature should be discussed again. It is justified to question level 2 in particular.

seb-kw avatar Mar 02 '25 10:03 seb-kw

We would just have to implement https://tc54.org/tea/, which is currently under development

timbastin avatar Mar 02 '25 16:03 timbastin

Already implemented with upstreams and csaf

seb-kw avatar Oct 31 '25 10:10 seb-kw