Enable calling d2d when collecting/indexing a package or on demand via the API - Githubissues

nexB / purldb

Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss

https://purldb.readthedocs.io/

29 stars 21 forks source link

Enable calling d2d when collecting/indexing a package or on demand via the API #419

Open pombredanne opened 2 months ago

pombredanne commented 2 months ago

This is a follow up from https://github.com/nexB/purldb/issues/373

I would like to have a PurlDB REST API endpoint so that we can trigger a d2d from either one of these (design needed):

a pair of from and to PURLs to run d2d on
a package set for one PURL and run pair-wise d2d for each package in the set
a single PURL for some binary that is collected and where we found the sources as part of
- https://github.com/nexB/purldb/issues/418 and then we run d2d between these two

This could be an on-demand analysis or part of the standard indexing and we could store the analysis discrepancy results produced by:

https://github.com/nexB/scancode.io/issues/1148 in each package extra data

Some related issues wrt. to the package models are: