Publish individual metadata records to a git repository

[pombredanne]

To store decentralized scans, vulnerabilities and other package metadata, we need to define the models and data schema and corresponding on-disk tree structures.
As outcome I would like to be able to automatically push individual records from PurlDB or VulnerableCode (VCIO) for a Package to a git repository, and this on each update, using a properly documented format using a JSON schema.
This would mean we would:

• Create a schema to store vulnerability and package metadata serialized in a suitable JSON (or YAML) format #10
• Create script(s) to export and serialize records with updated data #9

One of the difficulties is to cope with some of the limitations of public git services that may limit the size of a git repo AND the practical limit of git for an efficient usage where very large repos with too many files are difficult and slow to clone and use.

Another difficulty is to achieve some form of PURL-based addressing, such that a stored scan can be accessed easily based on a PURL and a minimal external knowledge of the system.

[yaswanthsaivendra]

Hey @pombredanne
I would like to work on the FederatedCode project. Could you help me on how can I get started?

[pombredanne]

@yaswanthsaivendra sorry for the (very) late reply!
This is a complex project that we have under control for now.

[pombredanne]

See also related issues and PRs:

• Improve export command vulnerablecode#1571
• Export vulnerablecode-data vulnerablecode#1206