Open fraxken opened 7 months ago
Hi @fraxken I have some questions for this issue
When you mention 'database API,' do you mean that we should develop a set of libraries or an SDK to fetch data from GitHub, Snyk, Sonatype, and NVD? Or are we supposed to build a new REST API that will expose these vulnerability data to be consumed by other systems?
Could you clarify the specific requirements for the standalone database APIs? For example, what should the data format and structure look like?
Do we need to support any specific authentication or authorization mechanisms for these APIs?
Are there any existing libraries or tools that the project is already using to interact with GitHub, Snyk, Sonatype, and NVD, or should we implement everything from scratch?
Are there any specific guidelines or best practices we should follow while designing these APIs, such as naming conventions or error handling strategies?
Should we implement these APIs as separate modules within the project, or should they be part of a single module?
@AntonioliBenjamin
My idea is to start simple and reuse them when possible in the strategies. For example, take a look at Snyk: Snyk strategy implementation.
The same approach applies to Sonatype.
If you need help or talk do not hesitate to message me on Discord
The goal of the task is to implement standalone database API like the OSV one for:
The main idea behind that is to use them to refactor strategy (for example in Snyk and Sonatype we kinda do the work ourself).
I created one issue but each of the require a separated PR.