Skip to content

docs: Asset Connectors — concept + Azure DevOps / Bitbucket / GitLab / JSM Assets setup#15153

Open
devGregA wants to merge 2 commits into
DefectDojo:bugfixfrom
devGregA:asset-connector-docs
Open

docs: Asset Connectors — concept + Azure DevOps / Bitbucket / GitLab / JSM Assets setup#15153
devGregA wants to merge 2 commits into
DefectDojo:bugfixfrom
devGregA:asset-connector-docs

Conversation

@devGregA

@devGregA devGregA commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Description

Adds documentation for the Asset Connectors feature family to the Pro connectors tool reference:

  • A concept section explaining how Asset Connectors differ from findings connectors (asset-inventory reconciliation, NEW/MISSING record lifecycle, automatic Product / Product Type creation, no findings import)
  • Tool-specific setup sections for the four new asset connectors, each capturing the auth requirements and platform quirks verified against the live vendor APIs:
    • Azure DevOps — PAT with Code:Read + Project&Team:Read, org-URL formats (incl. legacy visualstudio.com), disabled-repo handling, Cloud-only scope
    • Bitbucketscoped Atlassian API token requirement (classic tokens are rejected), required workspace slugs (scoped tokens cannot enumerate workspaces), Cloud-only scope
    • GitLabread_api PAT, self-hosted support, pending-deletion exclusion (deleted projects go MISSING instead of lingering as renamed assets)
    • Jira Service Management Assets — Premium/Enterprise plan requirement, agent-seat requirement, email + token auth

Sequencing note

These document features currently in review: DefectDojo-Inc/connectors #647 #648 #649 #651 and DefectDojo-Inc/dojo-pro #1746 (on the connectors-filters train). This PR should land with or after those.

🤖 Generated with Claude Code

@github-actions github-actions Bot added the docs label Jul 4, 2026
… Assets setup

Documents the new Asset Connector type (inventory reconciliation
instead of findings import, NEW/MISSING lifecycle, auto-created
Products and Product Types) and adds tool-specific setup sections for
the four new asset connectors, including the auth requirements
verified against the live vendor APIs: GitLab read_api PAT and
pending-deletion handling; JSM Premium plan + agent-seat requirement;
Bitbucket scoped-token requirement and mandatory workspace slugs;
Azure DevOps PAT read scopes and org URL normalization.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@Maffooch Maffooch force-pushed the asset-connector-docs branch from 2ea5c8c to 0d63435 Compare July 8, 2026 04:34
@Maffooch Maffooch changed the base branch from dev to bugfix July 8, 2026 04:34
The Azure DevOps and Bitbucket sections were inserted between AWS Security Hub's
Prerequisites and its own Connector Mappings, orphaning the AWS 'us-east-1'
mapping instructions after Bitbucket. Move AWS's Connector Mappings back under
its Prerequisites so the alphabetical order is AWS Security Hub -> Azure DevOps
-> Bitbucket -> BurpSuite with each section intact.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@Maffooch Maffooch added this to the 3.1.100 milestone Jul 8, 2026
@Maffooch

Maffooch commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Fixed and approving (milestone 3.1.100).

Issue found in review: the new Azure DevOps and Bitbucket sections were inserted between AWS Security Hub's Prerequisites and AWS's own Connector Mappings, which orphaned the AWS us-east-1 endpoint mapping instructions after the Bitbucket section (so "AWS Security Hub → Connector Mappings" no longer read as one entry).

Fix: moved AWS Security Hub's Connector Mappings block back under its Prerequisites. The section order is now clean and alphabetical with each entry intact: AWS Security Hub (Prereqs → Connector Mappings) → Azure DevOpsBitbucketBurpSuite.

Verified: re-checked the rendered header hierarchy — every ## tool section is followed by its own #### Prerequisites/#### Connector Mappings, no orphaned blocks. Content is unchanged otherwise. Looks good now.

@Maffooch Maffooch requested a review from paulOsinski July 9, 2026 04:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants