CVE feed should update in near real time

[enj]

As a follow up to kubernetes/sig-security#106, the Kube website should be re-built more often or automatically triggered so that when a CVE issue is added to the feed, it shows up on the website quickly.

cc @kubernetes/security-response-committee @kubernetes/sig-security @PushkarJ

[ericsmalling]

Is it possible to have the table on the page dynamically rendered using the live JSON feed?

... maybe with a fallback to a static copy if the live version is not available

[justankiit]

/language en
/kind feature

[sftim]

/area web-development

[sftim]

/sig docs security

[sftim]

SIG Security, what priority should this have?

[PushkarJ]

/priority important-soon

[sftim]

The work here includes analyzing what a solution is likely to look like, as well as the implementation of that solution.

It's OK to ask questions if you are not sure what extra things you might need to learn in order to contribute.

[ahmedavid]

Hello Team, I am new in open source but I have good experience in web dev and devops. I would like to jump in with this one. How can I get started?

[ahmedavid]

/assign

[sftim]

Hi @ahmedavid

Would you like to outline the approach you have in mind for these improvements? Also, do you have any learning areas you would like to ask for advice on?

[sftim]

To anyone: if you're new to this, you could outline what research (eg looking at code and pull requests) you have already done.

[ahmedavid]

Hi @ahmedavid

Would you like to outline the approach you have in mind for these improvements? Also, do you have any learning areas you would like to ask for advice on?

Yes, I implemented working prototype on my local machine.

1. I inserted <script> tags in cve-feed.html (Maybe this is not the best approach but it works)
2. I read and cache current content of the table in a variable
3. I set up setInterval to send http request to json url every 5 seconds.
4. Then construct html string that needs to replace table content
5. Finally I replace table content
6. If error occurs I put back cached content from step 2

I created branch on my forked repository and made the first commit. You can see implementation there.
Can I create PR?
If yes please point me to PR template I can reference.

[sftim]

You are welcome to make a pull request @ahmedavid . There is a PR template in the repository that GitHub will ask you to fill in. You will also need to sign the contributor license agreement.

[sftim]

I set up setInterval to send http request to json url every 5 seconds.

That is too frequent I think. Try requesting updates no more than once every 60 seconds, and make them conditional if at all possible.

---

This is only part of the work. There is also a step to make sure that the feed (the thing you're fetching) is generated more often.

[ahmedavid]

I set up setInterval to send http request to json url every 5 seconds.

That is too frequent I think. Try requesting updates no more than once every 60 seconds, and make them conditional if at all possible.

This is only part of the work. There is also a step to make sure that the feed (the thing you're fetching) is generated more often.

Ok I can set 60 sec no problem. I am not sure what you mean by conditional
Edit: I should read the article, duh :). Nevermind

I am not sure how to generate more often at source . Pointers are welcome

[sftim]

Also relevant to kubernetes/sig-security#1

[PushkarJ]

Attempts to fix this in this PR: #44074

[k8s-triage-robot]

This issue is labeled with priority/important-soon but has not been updated in over 90 days, and should be re-triaged.
Important-soon issues must be staffed and worked on either currently, or very soon, ideally in time for the next release.

You can:

• Confirm that this issue is still relevant with /triage accepted (org members only)
• Deprioritize it with /priority important-longterm or /priority backlog
• Close this issue with /close

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted

[sftim]

/priority important-longterm
/triage accepted

[sftim]

/remove-priority important-soon

based on this work not having been staffed, really. Feel free to convince us (SIG Docs) to bump it back, we'll definitely be open to that.