Skip to content

docs: Asset Connectors — concept + Azure DevOps / Bitbucket / GitLab / JSM Assets setup#15153

Open
devGregA wants to merge 1 commit into
DefectDojo:devfrom
devGregA:asset-connector-docs
Open

docs: Asset Connectors — concept + Azure DevOps / Bitbucket / GitLab / JSM Assets setup#15153
devGregA wants to merge 1 commit into
DefectDojo:devfrom
devGregA:asset-connector-docs

Conversation

@devGregA

@devGregA devGregA commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Description

Adds documentation for the Asset Connectors feature family to the Pro connectors tool reference:

  • A concept section explaining how Asset Connectors differ from findings connectors (asset-inventory reconciliation, NEW/MISSING record lifecycle, automatic Product / Product Type creation, no findings import)
  • Tool-specific setup sections for the four new asset connectors, each capturing the auth requirements and platform quirks verified against the live vendor APIs:
    • Azure DevOps — PAT with Code:Read + Project&Team:Read, org-URL formats (incl. legacy visualstudio.com), disabled-repo handling, Cloud-only scope
    • Bitbucketscoped Atlassian API token requirement (classic tokens are rejected), required workspace slugs (scoped tokens cannot enumerate workspaces), Cloud-only scope
    • GitLabread_api PAT, self-hosted support, pending-deletion exclusion (deleted projects go MISSING instead of lingering as renamed assets)
    • Jira Service Management Assets — Premium/Enterprise plan requirement, agent-seat requirement, email + token auth

Sequencing note

These document features currently in review: DefectDojo-Inc/connectors #647 #648 #649 #651 and DefectDojo-Inc/dojo-pro #1746 (on the connectors-filters train). This PR should land with or after those.

🤖 Generated with Claude Code

… Assets setup

Documents the new Asset Connector type (inventory reconciliation
instead of findings import, NEW/MISSING lifecycle, auto-created
Products and Product Types) and adds tool-specific setup sections for
the four new asset connectors, including the auth requirements
verified against the live vendor APIs: GitLab read_api PAT and
pending-deletion handling; JSM Premium plan + agent-seat requirement;
Bitbucket scoped-token requirement and mandatory workspace slugs;
Azure DevOps PAT read scopes and org URL normalization.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@github-actions github-actions Bot added the docs label Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant