Contributions
Re: log4j security vulnerability
I received a response from the Smartbear support team. Collaborator is not affected by CVE-2021-44228 for the following reasons:
- Collaborator doesn't run Apache Log4j2 at all. Collaborator still uses the first major version of Log4j (namely 1.2.17).
- Due to the version incompatibility, Collaborator never contained the functionality covered by CVE-2021-44228.
- The Log4j configuration of Collaborator never used the remote logging features of Log4j.
2.6K Views, 1 like, 0 Comments

Collaborator reviews should include items deleted from clearcase
Currently the Collaborator Client is designed to ignore files deleted from clearcase which in turn means changes are not being reviewed properly. At my company we are held reliable for all changes made including when files are deleted. I have had complaints from developers that their reviews do not include their deleted changes as well as the Collaborator Client complaining their activity is empty when the only changes are deleted files.
732 Views, 0 likes, 0 Comments

Group create/edit API to support review templates
To speed up creating a new group and adding members to that group we have created a script that automates this in a way that fits our needs. The problem here is that once the script is run we need to manually update the group to set the proper review templates and default. It would be great if we could do this through the API to save time.
981 Views, 0 likes, 0 Comments

Enable/Disable User actions and administrator reporting in logging
As an international medical company we have the need to regulate who submits and performs code reviews due to FDA and other regulations. We require users complete a digital signature form as well as training before giving them access. This process stretches across departments as HR takes care of the digital signature and training, a quality team takes care of enabling the user and the devops team manages Collaborator.
To help with the process of creating users we have Collaborator create the user on valid LDAP login and trigger a script which disables the user and sends the appropriate emails with further instructions. The process works well, however we have no way of tracking the enabling/disabling of users. In our script we do log when we disable a new user but it would be very helpful and a possible audit need to know when Collaborator actually enables/disables a user and who issued the enable/disable command. This would also help in troubleshooting as we have had incidents where the wrong users were enabled/disabled by accident due to similar usernames.
993 Views, 0 likes, 0 Comments

Allow triggers to run collaborator actions securely
Background: We require our users to complete collaborator training before giving them access to collaborator as we need to comply with federal regulations. To save time we create users ahead of time but we disable them and for structure reasons we also add new users to a "New Users" group. Currently we automate the process with the create user trigger and a python script that uses collaborator client commands and sends email to the new user and an admin. All this runs on our collaborator enterprise server which is solely for collaborator tasks and has limited access.
Problem: To use the collaborator command line we needed to install collaborator client and provide password. We have login ticket time-to-live set to 1 hour so password would be requested every hour unless we added the password to the client configuration file in plain text.
Suggestion:
1) It would be nice if collaborator enterprise came with a command line so collaborator client did not need to be installed separately to perform actions on the server.
2) To avoid having to install separate applications or use resources on another machine it would be nice if there was a way to perform collaborator actions on the server without having to pass an admin password in the clear. Some examples may be to pass a secure authentication token with a substitution variable to the script or allow commands run on the enterprise server by a specific restricted user to run without password prompt or allow the password to be stored encrypted in a hidden location.
1.7K Views, 0 likes, 0 Comments