-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integrate vulnerablecode #101
Comments
@sameer1046 yes! @sbs2001 ping |
Not super familiar with scancode.io, but here's a first draft : the use case here would be along the lines of "extract packages + their licenses + their vulnerabilities(if any) " So we have the "extract packages + their licenses" part covered at the I can think of having a vulnerablecode Model Changes:- The vulnerability data should be on a package level. So changes must be done at @sschuberth ping, you guys are doing the same thing at ort right ? we can borrow some ideas here :) |
Sure, feel free to have a look at our VulnerableCode integration as a ORT advisor, which enriches package metadata with security vulnerability information by leveraging our generic Kotlin / Java client for the VulnerableCode service. |
@sschuberth that's awesome! Do you think this could be pushed as a separate reusable maven package of sorts for other could benefit from this? |
Definitely. That has been the plan for all our libraries in the clients directory, and should be done as part of oss-review-toolkit/ort#2906. Someone just needs to get it done 🙄 |
@sbs2001 is there a VulnerableCode instance available to start making "bulk_search api call"? |
@tdruez atm no. But you can spin up one quickly using docker-compose and running some small importer |
@sbs2001 Any plan to deploy a VulnerableCode instance in the near future? |
@tdruez that's on @pombredanne TODO list |
Signed-off-by: Thomas Druez <tdruez@nexb.com>
Signed-off-by: Thomas Druez <tdruez@nexb.com>
And allow to activate an alternative default tab from URL Signed-off-by: Thomas Druez <tdruez@nexb.com>
Signed-off-by: Thomas Druez <tdruez@nexb.com>
Completed in #551 |
Signed-off-by: Thomas Druez <tdruez@nexb.com>
No description provided.
The text was updated successfully, but these errors were encountered: