aboutcode-org / purldb

Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/. Chat is at https://gitter.im/aboutcode-org/discuss
https://purldb.readthedocs.io/

scan queue API redesign #504

Closed JonoYang closed 3 months ago

JonoYang commented 3 months ago

Currently, the scan queue API has two endpoints:

The worker gets the next download URL from /api/scan_queue/get_next_download_url/ and then performs a scan on it, then uses /api/scan_queue/update_status/ to send back results or to indicate a failure.

It may be more logical to organize the scan queue API such that the update_status functions are actions on the scannable_uri instances themselves.

JonoYang commented 3 months ago

We now have the API endpoint /api/scan_queue/index_package_scan/ that is used to accept the purldb scan worker scan project info when a package scan has completed. Whenever get_next_download_url() is called, a webhook URL is created, which is used as the webhook subscription target for the purldb scan worker project.