Open ZupeiNie opened 1 year ago
Hi @11111821
Q1: More information about how data are imported from project-KB to eclipse steady (and how to manually do it) is available at ¶. If you relied on the default configuration of .env
, you run the tool with KB_IMPORTER_SKIP_CLONE=True
. This means that only the subset of CVEs was processed (those whose changed code is already available in the project-kb repository). We opted for such default as the runtime increases once repositories have to be cloned. To process the entire list of vulnerabilities you can modify the configuration to KB_IMPORTER_SKIP_CLONE=False
Q2: the data already imported is stored in a docker volume (visible in the docker-compose.yaml). To delete the steady data you can list the existing volumes with docker volume ls
and delete the corresponding volume.
I hope this helps!
Steady build method: [QuickStart](https://eclipse.github.io/steady/user/tutorials/)
Question 1:View backend http://localhost:8033/bugs/ Found only 501 cve information, while there are 729 cve information in
kb-importer/data/.kaybee/repositories/github.com_ sap.project-kb_vulnerability-data/statements
and 731 cve information inkb-importer/data/statements
. I suspect that Steady's database import was not completed or was interrupted for some reason, so I want to manually import the information. Firstly, the three information items inkb-importer/data/steady.sh
were modified:USER_ TOKEN、BACKEND_ URL、KB_ IMPORTER_ PATH
, and then run steady.sh. May I ask if this can manually import vulnerability information.Question 2:I attempted to rebuild steady by [QuickStart](https://eclipse.github.io/steady/user/tutorials/). Prior to this, I deleted the relevant docker images and found that the backend information of steady had not changed after rebuilding. http://localhost:8033/bugs/ ,The CVE information displayed on the webpage is consistent with the information before reconstruction. I checked the content in the
kb-importer/data
and found that the CVE information is empty and gradually increasing. Therefore, I would like to ask why there is still previous data on the backend and deleting the docker images cannot delete all the previous steady data. What should I do if I need to completely delete steady data.I would greatly appreciate receiving a response!