Normalize the data pulled from the data source(s) #47

Closed
tarkatronic opened this issue May 16, 2023 · 0 comments · Fixed by #75
Labels: Data Sources (Issues related to collection of security alerts), design decision needed (Feature request that requires discussion around designs), enhancement (New feature or request), help wanted (Extra attention is needed)
Milestone: Version 1.0
Comments

@tarkatronic (Contributor)

🚀 Feature Request

Is your feature request related to a problem? Please describe.

In order to eventually support multiple data sources, we need to have some sort of normalized format that the sources can output. If we don't, this whole thing is never going to work well. I think we also need to have them all feed into the same single structure of data, so that we don't have to perform tricky merge operations later. I think.

Describe the solution you'd like

The best way to describe my thoughts is with a bit of pseudo-code.

```go
package querying

import "sync"

type Team struct {
	Id          string            // I'm not sure how important this is, but it could be maybe a GitHub slug? I don't want to force us to be reliant on information from any single backend though.
	Name        string
	ContactInfo map[string]string // Placeholder type for "ContactInfo ..."; something like this to contain email, Slack channel ID, etc.
}

type Vulnerability struct {
	Sources     []string // Links to GitHub, AWS, CVE db, etc.
	Severity    string   // Probably an enum here for Critical, High, Moderate, Low
	Identifiers []string // CVE, CWE, GitHub vuln ID, etc
	Package     string
	Ecosystem   string // Probably another enum for npm, pip, rubygems, etc.
	// ... other attributes?
}

type Project struct {
	Name            string
	Owners          []*Team
	Vulnerabilities []*Vulnerability
}

// DataSource is the assumed shape of each backend implied by the loop below: it is
// expected to start its own goroutine, append into *projects, and call wg.Done()
// when finished. (Several sources appending to one slice concurrently still need a
// lock around the append.)
type DataSource interface {
	QueryVulnerabilities(projects *[]Project, wg *sync.WaitGroup)
}

// ...

func Collect(dataSources []DataSource) []Project {
	var projects []Project
	var wg sync.WaitGroup
	for _, source := range dataSources {
		wg.Add(1)
		source.QueryVulnerabilities(&projects, &wg)
	}
	wg.Wait() // don't return until every source has called wg.Done()
	return projects
}
```

Describe alternatives you've considered

I'm not really sure what alternative we've got. Right now we're just not really normalizing and everything is very GitHub-centric.
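A worked version of the "one normalized structure" idea from the sketch above, added here as an example rather than code from this issue or the Vulnbot project: each source returns normalized Projects, and a single merging loop folds them into one map, so a vulnerability that two backends report under different identifiers (say a GHSA id and a CVE id) ends up as one record carrying both source links. DataSource, merge and Collect are assumed names, the WaitGroup from the sketch is replaced by a buffered channel so only one goroutine ever writes the shared structure, and the Team type is omitted.

```go
package main
// Normalized types from the sketch above (Team omitted); Identifiers is the merge key.
type Vulnerability struct {
	Sources, Identifiers         []string
	Severity, Package, Ecosystem string
}
type Project struct {
	Name            string
	Vulnerabilities []*Vulnerability
}
// DataSource (assumed shape) returns normalized Projects; no backend touches shared state.
type DataSource func() []Project
// merge folds one source's results into the shared structure. index maps "project\x00id"
// to the record already holding that id, so one finding reported by two backends merges.
func merge(projects map[string]*Project, index map[string]*Vulnerability, found []Project) {
	for _, p := range found {
		if projects[p.Name] == nil {
			projects[p.Name] = &Project{Name: p.Name}
		}
		dst := projects[p.Name]
		for _, v := range p.Vulnerabilities {
			var have *Vulnerability
			for i := 0; have == nil && i < len(v.Identifiers); i++ {
				have = index[p.Name+"\x00"+v.Identifiers[i]]
			}
			if have == nil { // first sighting: adopt the record
				have = v
				dst.Vulnerabilities = append(dst.Vulnerabilities, v)
			} else { // already known: only record the extra source link(s)
				have.Sources = append(have.Sources, v.Sources...)
			}
			for _, id := range v.Identifiers { // index every alias, not just the first
				index[p.Name+"\x00"+id] = have
			}
		}
	}
}
// Collect queries every source concurrently, but only this goroutine writes the result,
// so no lock is needed; one buffered slot per source replaces the sketch's WaitGroup.
func Collect(sources []DataSource) map[string]*Project {
	results := make(chan []Project, len(sources))
	for _, src := range sources {
		go func(s DataSource) { results <- s() }(src)
	}
	projects, index := map[string]*Project{}, map[string]*Vulnerability{}
	for range sources {
		merge(projects, index, <-results)
	}
	return projects
}
```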

@tarkatronic added labels: enhancement (New feature or request), triage (New issue in need of triage) on May 16, 2023
@tarkatronic added this to the Version 1.0 milestone on May 16, 2023
@tarkatronic added label Data Sources (Issues related to collection of security alerts) and removed label triage (New issue in need of triage) on May 16, 2023
@tarkatronic added labels: help wanted (Extra attention is needed), design decision needed (Feature request that requires discussion around designs) on May 19, 2023
@tarkatronic moved this from Todo to In Progress in Vulnbot: Multiple data sources on Jul 21, 2023
@github-project-automation bot moved this from In Progress to Done in Vulnbot: Multiple data sources on Aug 1, 2023