l3montree-dev / devguard

DevGuard Backend - Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Security Framework Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project
https://devguard.org

[Discussion/Feature] reduce operating costs #192

Open JSXRED opened 1 week ago

JSXRED commented 1 week ago

It would be great to minimize operating costs. I see two main points here.

1) Why is Ory Kratos necessary? It has to be maintained, updated, etc. Basically, most organizations usually have ONE OAuth2 service for their dev teams (GitHub, Azure DevOps, GitLab, Gitea or similar) and do not have to manage multiple social logins. Wouldn't it be better to just configure one OAuth2 provider and do without Kratos? Since the tool is for developers, it should be acceptable for the person installing the server to configure an OAuth service.

2) It would be great if a SQLite database could be used, when desired, instead of Postgres. Since no “heavy write-load” is to be expected here, this would also save a Postgres server and could simplify some subsequent topics such as backup, restore, migration. It would also significantly reduce operating costs.

This would also make it easier to optionally run the DevGuard server as a single Go application, without container overhead.

timbastin commented 2 days ago

Hi @JSXRED, thanks a lot for that input. You are right, I think the deployment infrastructure can be simplified a lot by using SQLite and by providing OAuth2 provider configuration. This would make the Kratos deployment and PostgreSQL deployment optional. I am happy to accept any PRs!