Feature ideas

Problem Today, automaticPort only allows automatic deletion during reconciliation by the integration that originally created an entity (the entity’s “owner”). If an entity was created by Port Internal or a legacy integration (e.g., the legacy GitHub app) and is later updated or maintained by a different integration (e.g., an Ocean-based LDAP/entitlements integration or GitHub Ocean), the maintaining integration cannot delete the entity when it stops reporting it. This results in: Orphaned entities that cannot be cleaned up automatically Customers being forced to delete and recreate large numbers of entities (users, GitHub entities, etc.) solely to transfer ownership Increased operational risk and complexity during migrations (e.g., legacy GitHub app → GitHub Ocean, or custom scripts → Ocean integrations) Requested solution Support multi-integration ownership for deletion, or provide a safe ownership transition mechanism. For example: Allow a configurable list of integrations to be authorized to delete an entity (or entities of a given blueprint/kind), even if they did not originally create it Provide a supported way to transfer or extend ownership from one integration/user-agent to another (e.g., from Port Internal or a legacy GitHub app to an Ocean integration) without requiring delete-and-recreate Benefits Safe, non-destructive migrations between integrations (legacy → Ocean) Cleaner catalogs with fewer orphaned entities Better alignment with real-world “source of truth” changes (e.g., moving user management to LDAP, or project ownership to GitHub/Snyk Ocean)

We’d like Checkmarx One self-hosted integration to support webhook endpoints with flexible path prefixes, instead of requiring all webhooks to be sent only to a fixed /integration/webhook path. Current Limitation At the moment, webhook requests are only accepted when they are sent to the exact /integration/webhook endpoint. If a webhook is sent to a prefixed path such as /checkmarx-one/integration/webhook, the request fails, even when traffic is correctly routed to the integration. Requested Behavior Allow webhook endpoints to be exposed behind a single shared domain, for example: https://example.com/<integration>/integration/webhook Support path-based routing so different integrations can be reached via unique URL prefixes. Once a request reaches the integration, it should be accepted as long as the path ends with /integration/webhook, regardless of any preceding path segments. Why This Is Important Simplifies infrastructure by avoiding the need for a separate DNS name per integration Makes it easier to manage IP allowlists, firewall rules, and security policies at the domain level Enables smoother promotion of integrations from development to production environments Aligns with common enterprise patterns that rely on a single domain with path-based routing

Summary: Allow users to configure which HTTP status codes trigger automatic retries via spec.yaml, without modifying integration source code. Background: The Ocean framework's RetryConfig class already supports additional_retry_status_codes, but this is not exposed to users. All integrations that use custom retry codes (PagerDuty, Sentry, GitHub, etc.) have them hardcoded in the client code. Default retryable status codes: 400, 401, 429, 502, 503, 504 Problem: Different third-party APIs have varying reliability characteristics. Some APIs intermittently return 500 or other error codes that would benefit from retry logic. Users currently cannot configure this without forking and maintaining a custom version of the integration. Proposed Solution: Add an optional additionalRetryStatusCodes configuration to spec.yaml. Benefits Users can adapt to their specific API behavior without code changes Fully backward compatible as an optional configuration Leverages existing RetryConfig infrastructure Use Cases GitLab self-hosted instances returning intermittent 500 errors under load APIs behind flaky proxies returning frequent 502/503 errors Cloud provider APIs with known transient 500 error patterns Related Code port_ocean/helpers/ retry.py - RetryConfig class port_ocean/helpers/async_ client.py - OceanAsyncClient integrations/pagerduty/clients/ pagerduty.py (lines 31-38) - example hardcoded implementation

Integrating JFrog’s end-to-end software and AI supply chain security with Port’s Internal Developer Portal creates a single, authoritative control plane for visibility, governance, and remediation. Security signals such as SBOMs, vulnerabilities, malicious package detections, license and policy violations, secrets, SAST and IaC misconfigurations, and AI model risks are ingested from across the JFrog platform and modeled in Port as first-class entities. These signals are correlated to services, artifacts, packages, environments, deployments, and owners, with contextual enrichment such as CVE applicability, runtime exposure, business criticality, and ownership. This provides continuous, real-time insight into software and AI supply chain risk, backed by centralized audit trails, lineage, and compliance views. Through this integration, Port transforms raw security findings into actionable outcomes for both security and engineering teams. Developers gain a shift-left experience with clear ownership, service-level readiness indicators, and visibility into issues surfaced from IDEs, CLIs, and automated scanners, while Port actions enable guardrails and AI-driven remediation such as opening fix PRs and tracking SLAs. Security teams benefit from a unified posture view across services and environments, consistent policy enforcement, exception management, and end-to-end traceability from source code and models through artifacts and deployments. The result is a shared, developer-friendly security workflow that scales governance and remediation without slowing delivery.

We have a need to only pull projects that are 3 yr old. If we can pass something like 20220101 for last activity to only pull projects that have a last activity greater than this date will be great.

Currently, the GitHub Ocean integration requires users to use a GitHub personal access token (PAT) in order to ingest multiple GitHub Organizations into Port using a single GitHub Ocean integration. In the future, the GitHub Ocean integration should offer alternative authentication methods to allow users to ingest multiple GitHub Organizations using a single GitHub Ocean integration.

As a Port builder, I’d like to access more information from the GitHub GET users endpoint than what is currently available (login and email). Ideally, I’d like 100% of what is available with the GitHub REST API for GETting users, but at a minimum I’d like to ingest what team the user is on

We would like to have additional GitHub Metrics come natively from the GItHub integration, for example the ones from this repo https://github.com/port-experimental/super-github-metrics