AntonioliBenjamin
commented
3 weeks ago Hi @fraxken I have some questions for this issue
-
When you mention 'database API,' do you mean that we should develop a set of libraries or an SDK to fetch data from GitHub, Snyk, Sonatype, and NVD? Or are we supposed to build a new REST API that will expose these vulnerability data to be consumed by other systems?
-
Could you clarify the specific requirements for the standalone database APIs? For example, what should the data format and structure look like?
-
Do we need to support any specific authentication or authorization mechanisms for these APIs?
-
Are there any existing libraries or tools that the project is already using to interact with GitHub, Snyk, Sonatype, and NVD, or should we implement everything from scratch?
-
Are there any specific guidelines or best practices we should follow while designing these APIs, such as naming conventions or error handling strategies?
-
Should we implement these APIs as separate modules within the project, or should they be part of a single module?
fraxken
The goal of the task is to implement standalone database API like the OSV one for:
The main idea behind that is to use them to refactor strategy (for example in Snyk and Sonatype we kinda do the work ourself).
I created one issue but each of the require a separated PR.