nscuro
commented
1 year ago It would be good to have the use-case behind this enhancement documented.
In addition to the use case itself, as @sahibamittal mentioned, a list of pros and cons should be created.
Essentially, we need to figure out if the use-case justifies the downsides we would introduce by implementing this. Before that is decided, no implementation work should be done.
Personal note: As it stands right now I do not think it's a good idea to attempt to mirror data sources that do not support mirroring natively. If we attempt to do this sort of ad-hoc mirroring we'll be running into all sorts of inconsistencies that I'd much rather avoid.
Currently in Hyades, we've skipped the mapping of affected package versions for scan analysers (Snyk, OssIndex) because of scenario like : If Snyk reports affected versions and later it doesn't, the versions would still be reported by Internal analyser. Cleanup needs to be implemented for the same if we're planning to store this information.
Revisit the pros and cons for the same.
TBD.