Add a "has_vulnerability" property on Package and Component to support Queries and Column Templates and Product Review #2
Labels: enhancement (New feature or request), HighPriority (High Priority), Top Priority (Max 3 per Release) (Focus for a release), vulnerabilities (Vulnerability Management)
To get more value out of our VulnerableCodeDB integration, it would be great if we could add a "has_vulnerability" property to both the Package model and the Component model to support queries and column templates.
This is complicated by the fact that the DejaCode Report system is made to work on the DejaCode Database values. I'm not sure how we'll be able to accomplish this, since the Vulnerability data is stored in an external DB.
One idea would be to fetch both lists of all vulnerable PURL and CPE references in the VulnerableCodeDB and store them in the DejaCode cache. These lists could be updated in the cache on a daily basis. This would require new specialized API endpoints on the VulnerableCode side. (Also, as a first step before implementing any of this, we should get some stats about the amount of data stored in the VulnerableCodeDB and how it will evolve.)
We have a working prototype for this but we do not have the infrastructure in place for periodic async tasks (the celerybeat worker service needs to be set up, or alternatively we could complete the migration to RQ, which has direct support for periodic tasks). (@tdruez please update this remark if the RQ migration is now complete.)
Also we might consider a few additional things (maybe they belong in different issues, but perhaps best discussed in this context first):
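A sketch of the cached-list idea from the issue, added here as an example and not taken from the DejaCode or VulnerableCode code. The `fetch` callable stands in for the VulnerableCode endpoint the issue says would still need to be built; `VulnerableRefCache`, `normalize_purl`, the in-process storage and the sample references are all assumptions.

```python
import time

DAY = 24 * 60 * 60  # the issue proposes a daily refresh

# Constructed sample references, not real VulnerableCode data.
SAMPLE_PURLS = ["pkg:pypi/example-lib@1.0.0", "pkg:npm/example-pkg@2.3.4"]
SAMPLE_CPES = ["cpe:2.3:a:example:example-lib:1.0.0:*:*:*:*:*:*:*"]


def normalize_purl(purl):
    """Drop qualifiers (?...) and subpath (#...) so only type/name@version is compared."""
    return purl.split("#", 1)[0].split("?", 1)[0].strip()


class VulnerableRefCache:
    """Holds the vulnerable PURL and CPE lists and answers has_vulnerability lookups."""

    def __init__(self, fetch, ttl=DAY, clock=time.time):
        self._fetch = fetch          # hypothetical: returns (purls, cpes)
        self._ttl = ttl
        self._clock = clock
        self._purls = frozenset()
        self._cpes = frozenset()
        self._loaded_at = None       # None until the first successful fetch

    def _refresh_if_stale(self):
        now = self._clock()
        if self._loaded_at is not None and now - self._loaded_at < self._ttl:
            return
        try:
            purls, cpes = self._fetch()
        except Exception:
            if self._loaded_at is None:
                raise                # no data yet: fail loudly instead of reporting "clean"
            return                   # keep the last known lists; retried on the next lookup
        self._purls = frozenset(normalize_purl(p) for p in purls)
        self._cpes = frozenset(cpes)
        self._loaded_at = now

    def has_vulnerability(self, purl=None, cpe=None):
        """True if the package's PURL or the component's CPE is in the cached lists."""
        self._refresh_if_stale()
        purl_hit = purl is not None and normalize_purl(purl) in self._purls
        cpe_hit = cpe is not None and cpe in self._cpes
        return purl_hit or cpe_hit
```

A failed refresh keeps the previous lists, so an outage on the VulnerableCode side does not silently turn every `has_vulnerability` value to `False`.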