This is a larger revamp and should have multiple PRs targeting this issue. We should not create one large PR which will be risky and hard to review.
274 introduces integration with Insights v2 service with specifications available in https://buf.build/safedep/api. This is a completely revamped Insights Service with much richer metadata including our own metadata that we generate through our automation. Going forward, we will primarily support Insights v2 and slowly phase out Insights v1. This sunset window is required because Insights v1 data model is strongly coupled with analysers and reporters
The approach for this migration will be:
Revamp reporters to start using Insights V2 data model pkg.insightsv2
Revamp analysers to start using Insights V2 data model
Make Insights v2 as the default enricher in scan
To support this migration, we will also revamp the policy framework to support a spec driven Policy to be defined at https://buf.build/safedep/api/docs/main:safedep.messages.policy.v1 To complete migrations, we need to migrate our policies to leverage the Insights v2 model
Once this is done, we need to monitor Insights service logs and metrics for usage. Once the usage is below a threshold, we should inform the community about deprecation of Insights v1 and steps to completely migrate to Insights v2 compatibility. From a user perspective, this would involve
274 introduces integration with Insights v2 service with specifications available in https://buf.build/safedep/api. This is a completely revamped Insights Service with much richer metadata including our own metadata that we generate through our automation. Going forward, we will primarily support Insights v2 and slowly phase out Insights v1. This sunset window is required because Insights v1 data model is strongly coupled with analysers and reporters
The approach for this migration will be:
pkg.insightsv2To support this migration, we will also revamp the policy framework to support a spec driven Policy to be defined at https://buf.build/safedep/api/docs/main:safedep.messages.policy.v1 To complete migrations, we need to migrate our policies to leverage the Insights v2 model
Once this is done, we need to monitor Insights service logs and metrics for usage. Once the usage is below a threshold, we should inform the community about deprecation of Insights v1 and steps to completely migrate to Insights v2 compatibility. From a user perspective, this would involve
vet