Open pandurangpatil opened 2 years ago
I think we should also consider keeping these results in the repo itself. Following are some pointers:
git
and provide some contextual history. However, the described solution raises some good points. For those:
"trend" view for repos for Cloud viewers, including "Risk-meters" (Example: Diff between previous & new results).
privado.old.json
- like most configuration updaters). Keeping more than that might not make sense if it is not tied to a git repository. Devs can still consume the output in their own CI/test systems.
If we choose to move the results to ~/.privado/results - we additionally need to create a local database-like mechanism that will maintain a scanIdentifier-repoIdentifier and handle cases like "rename" and "move" locally to maintain that database.
Is your feature request related to a problem? Please describe.
The approach to results storage is extremely interesting but also potentially problematic. At present, a repo's scan result is stored into [repo]/.privado/privado.json, meaning it lands inside the repo. Practically, this means the results will likely be lost when the repo is removed and recloned.
Describe the solution you'd like
I would love to see the results persist in some way without having to copy or move them myself. Maybe this would mean storing the results in ~/.privado/results/ for example. This would allow users to view historical results easily and maybe give the Cloud Viewer a "trend" view for repos. It always feels good to see the Risk rating decrease over time... and it's nice to be able to notice a sudden spike in Risk if that happens.
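The two ideas in this thread (a results store under ~/.privado/results with a scanIdentifier-to-repoIdentifier index that survives "rename" and "move", and a trend/diff view over previous and new results) can be sketched as a small local store. The following is an added example, not Privado's own code or schema: it assumes the repo identifier is a stable value supplied by the caller (for instance a hash of the repository's first commit), that each result carries a numeric "risk" and a list of "findings" with an "id" field, and that results are written as <repo-id>/<scan-id>.json next to an index.json. All sample data is constructed.

```python
"""Added example: a local index for scan results kept outside the repository.

Assumptions (not from Privado's code or schema): results live under
<root>/<repo-id>/<scan-id>.json, the repo identifier is a stable value chosen
by the caller (e.g. the hash of the repository's first commit), and each
result has a numeric "risk" plus a list of "findings" with an "id" field.
"""
import json
import os
import tempfile


class ResultStore:
    """Stores scan results and an index mapping a repo identifier to the paths
    it has been seen at and the scan identifiers recorded for it, so a renamed
    or moved checkout still resolves to the same history."""

    def __init__(self, root):
        self.root = root
        self.index_path = os.path.join(root, "index.json")
        os.makedirs(root, exist_ok=True)
        if os.path.exists(self.index_path):
            with open(self.index_path) as f:
                self.index = json.load(f)
        else:
            self.index = {}

    def _save_index(self):
        with open(self.index_path, "w") as f:
            json.dump(self.index, f, indent=2)

    def record(self, repo_id, repo_path, scan_id, result):
        """Persist one scan result and update the index for this repository."""
        entry = self.index.setdefault(repo_id, {"paths": [], "scans": []})
        # A new path for a known repo id is a rename/move of the same
        # repository: remember the alias instead of starting a new history.
        if repo_path not in entry["paths"]:
            entry["paths"].append(repo_path)
        repo_dir = os.path.join(self.root, repo_id)
        os.makedirs(repo_dir, exist_ok=True)
        with open(os.path.join(repo_dir, scan_id + ".json"), "w") as f:
            json.dump(result, f)
        entry["scans"].append(scan_id)
        self._save_index()

    def lookup_by_path(self, repo_path):
        """Resolve a checkout path (current or former) to its repo identifier."""
        for repo_id, entry in self.index.items():
            if repo_path in entry["paths"]:
                return repo_id
        return None

    def load(self, repo_id, scan_id):
        with open(os.path.join(self.root, repo_id, scan_id + ".json")) as f:
            return json.load(f)

    def risk_trend(self, repo_id):
        """(scan_id, risk) pairs in scan order: the data behind a trend view."""
        return [(s, self.load(repo_id, s)["risk"])
                for s in self.index[repo_id]["scans"]]

    def risk_spikes(self, repo_id, threshold):
        """Scan ids whose risk rose by more than `threshold` over the previous scan."""
        trend = self.risk_trend(repo_id)
        return [cur[0] for prev, cur in zip(trend, trend[1:])
                if cur[1] - prev[1] > threshold]

    def diff_latest(self, repo_id):
        """Findings added/removed between the two most recent scans, the same
        comparison a kept privado.old.json would allow."""
        scans = self.index[repo_id]["scans"]
        if len(scans) < 2:
            return {"added": [], "removed": []}
        old = {f["id"] for f in self.load(repo_id, scans[-2])["findings"]}
        new = {f["id"] for f in self.load(repo_id, scans[-1])["findings"]}
        return {"added": sorted(new - old), "removed": sorted(old - new)}


def demo(root=None):
    """Record three constructed scans, one after a rename, and summarise them."""
    root = root or tempfile.mkdtemp()
    store = ResultStore(root)
    repo_id = "repo-first-commit-deadbeef"  # constructed stand-in for a stable id
    store.record(repo_id, "/home/dev/app", "scan-001",
                 {"risk": 7.5, "findings": [{"id": "email-to-log"},
                                            {"id": "ssn-to-third-party"}]})
    # Same repository after "mv app app-renamed": the history continues.
    store.record(repo_id, "/home/dev/app-renamed", "scan-002",
                 {"risk": 4.0, "findings": [{"id": "email-to-log"}]})
    store.record(repo_id, "/home/dev/app-renamed", "scan-003",
                 {"risk": 9.0, "findings": [{"id": "email-to-log"},
                                            {"id": "token-to-log"}]})
    return {
        "resolved": store.lookup_by_path("/home/dev/app-renamed"),
        "paths": store.index[repo_id]["paths"],
        "trend": store.risk_trend(repo_id),
        "spikes": store.risk_spikes(repo_id, threshold=3.0),
        "diff": store.diff_latest(repo_id),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keying the index on a stable repository identifier rather than on the checkout path is what makes the "rename" and "move" cases cheap: the path list is only an alias table, and a reclone at a new location simply adds another alias to the existing history instead of orphaning it.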