Description
📋 Description
Provide a configuration/setting on the badge server that allows for the dynamic and endpoint badges to be disabled.
Rationale and use case
This is obviously a self-hosting only type of scenario (we'd never need it for the main Shields.io deployment), but I'm increasingly convinced this would be a valuable feature for certain types of self-hosting use cases.
The native/dedicated-route badges are all relatively straightforward and easily auditable to determine the full scope of data exposure (e.g. self-hosting teams can easily review the badge offerings and identify the data points that could potentially be returned from some other tool/system via a badge/json response/etc. that a self-hosted badge server could provide). However, the dynamic and endpoint badges are inherently, by design open ended.
With this type of feature, a team could more confidently deploy a self-hosted badge server, even one that's internet-facing, with a clearly defined risk profile (i.e. we know we're exposing basic metadata like issue status from our internal Jira server, as opposed to any arbitrary API within our corporate network).