Open pombredanne opened 2 months ago
@pombredanne I would like to assign this one to Ziad but cannot see him on the Assignees list. Any suggestions please?
See https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/models.py and design the appropriate mapping to DejaCode.
A "scheduler" is a fairly new concept/feature for DejaCode. We need to determine if there is a usable Django library to facilitate creating such a feature. As a working start, let's consider a new section of the DejaCode admin Dashboard, right under the "Imports" section, called "Scheduler" (or similar), that has an initial option for "Refresh Vulnerabilities" (or similar) where the admin user can define the frequency and scope of the vulnerability refresh process to be run on an automatic basis.
Assumption: the basic scope of the vulnerability lookup is to find vulnerabilities associated with Packages and Components currently defined in the relevant DejaCode dataspace. This could be further refined to include only those that are assigned to a Product in that dataspace.
The scheduler should also include a task to update Components defined in the relevant dataspace with CPE values as those become available.
The proposed vulnerability model in DejaCode should be designed to support queries such as:
We should create a base Vulnerability application management in DejaCode with these features: