Draft spec of the submission validation server

[tschaffter]

Similarly to what we have done in the Patient Mortality DREAM Challenge and COVID-19 DREAM challenge, there are a few operations that we should perform before pulling a submitted Docker image to a Data Site.

• Scan the image for Common Vulnerabilities and Exposures (CVE), e.g. using Snyk (see infrastructure#9)
• Check that the submission implements all the endpoints expected for a given NLP task
  • Send one or more requests to each endpoint
  • Use dummy data with non-PHI data for POST / PUT requests

[tschaffter]

I created this spreadsheet to track the tool specifications that we are considering.