Is your feature request related to a problem? Please describe.
We are keeping some of our suppression files in our company internal on-premise version control system, and so far have been using simple URLs for referencing and downloading them during the analysis. This is possible as long as the repository allows public access.
For security reasons we would like to disable all public access even to our internal repositories, though. At the moment it is possible to achieve a retrieval of a suppression file even in that case using username and password, but managing a complete user with credentials is cumbersome just for retrieval of a suppression file.
Our version control system offers the creation of access tokens for repositories, which can then be used in an authorization header to access repository content. This allows creating individual tokens per integration, which is also the recommended way.
Describe the solution you'd like
It would be nice if the utils for downloading suppression files (and the configuration they use) could support either an 'Authorization: Bearer' header or completely freely configurable extra headers.
I may be able to implement this and create a pull request if we can align on the functional solution.
Describe alternatives you've considered
- using basic auth with username and password: possible already, but cumbersome in our case
- encoding credentials into the URL somehow: unexpected and somewhat "hacky"
Additional context
(none)
I am okay with adding an option to use an authorization token. I wouldn't explicitly make it a bearer token - but allow the user to specify the value for the authorization header instead of only using the username/password. It would be great if you could create a PR or it might be a while before you see this implemented.
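As an added illustration of the shape agreed on above (example code, not the project's own downloader and not from either participant), the following Python sketch lets the user supply either username/password or a raw Authorization header value, refuses credentials embedded in the URL, and drops the header if a redirect leaves the original host. The settings names and the `download_suppression` helper are hypothetical.

```python
# Added example (not the project's code): configurable Authorization header for suppression-file downloads.
import base64
import urllib.request
from urllib.parse import urlsplit


def build_auth_header(username=None, password=None, authorization=None):
    """One mechanism only: a raw header value (e.g. "Bearer <token>") wins over basic auth."""
    if authorization:
        return authorization.strip()
    if username is not None and password is not None:
        raw = f"{username}:{password}".encode("utf-8")
        return "Basic " + base64.b64encode(raw).decode("ascii")
    return None


def url_problems(url):
    """Reasons a URL is unfit for token auth: embedded credentials or a clear-text scheme."""
    parts = urlsplit(url)
    problems = []
    if parts.username or parts.password:
        problems.append("credentials embedded in URL; supply them via the Authorization header")
    if parts.scheme != "https":
        problems.append("https required so the token is not sent in clear text")
    return problems


class SameHostAuthRedirect(urllib.request.HTTPRedirectHandler):
    """Drop Authorization when a redirect leaves the original host, so the repository token stays with the repository."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new_req = super().redirect_request(req, fp, code, msg, headers, newurl)
        if urlsplit(newurl).hostname != urlsplit(req.full_url).hostname:
            new_req.remove_header("Authorization")
        return new_req


def build_request(url, **auth):
    """Validate the URL and attach the configured Authorization header (never the URL)."""
    problems = url_problems(url)
    if problems:
        raise ValueError("; ".join(problems))
    req = urllib.request.Request(url)
    header = build_auth_header(**auth)
    if header:
        req.add_header("Authorization", header)
    return req


def download_suppression(url, **auth):
    """Fetch the suppression file bytes with the same-host redirect policy in force."""
    opener = urllib.request.build_opener(SameHostAuthRedirect())
    with opener.open(build_request(url, **auth), timeout=30) as resp:
        return resp.read()
```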