Extract improvement operations from RedHat importer

nexB / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Apache License 2.0

503 stars 184 forks source link

The RedHatImporter does a lot of extra, not-immediately-needed, improvement-like work In particular, we collect extra CVE details, Bugzilla and CVRF data too early. @ziadhany found out that with profiling we spend most of the time in doing network calls for these:

[ ] Collect RedHat CVE json details that contain extra data as an improver, not an importer
[ ] Collect RedHat Bugzilla details that contain extra data as an improver, not an importer
[ ] Collect RedHat CVRF RHSA details that contain extra data as an improver, not an importer

nexB / vulnerablecode

Extract improvement operations from RedHat importer #866