-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manage vulnerability sources in database #123
Comments
Some quick notes: An alternative would be to have only one
Decoupling the fetching from the processing seems to help with using fixtures for testing, but I'm not sure there is enough to do for the fetching to warrant a separate class. That's not very important though as long as the interface consumed by the The processing step would take whatever the format of the data source is (OVAL XML, one huge JSON, one YAML document per advisory, etc.) and transform it into a common intermediate format that is then turned into model objects and stored in the database by the All this should be done in a "streaming" fashion, probably using generators and somehow reasonably efficiently written to the DB (probably using bulk inserts). Requirements for the new and improved import process are:
|
closed by #152 |
Add a model for available data sources where we can keep metadata such as the license under which the vulnerability data is published. This would make it easier to maintain this kind of information than having it in the code. When we have importers for standardized formats like OVAL it would also allow to add additional data sources that follow this standard by adding a new entry to this DB table.
An implementation of this would benefit from a bit of refactoring to some kind of base class for vulnerability sources.
The text was updated successfully, but these errors were encountered: