[2pt] provide a document describing all the tags/categories

thoth-station / adviser

The recommendation engine for Python software stacks and Dependency Monkey in project Thoth.

https://thoth-station.github.io

GNU General Public License v3.0

34 stars 13 forks source link

[2pt] provide a document describing all the tags/categories #2328

Open harshad16 opened 2 years ago

harshad16 commented 2 years ago

Descriptions:

As a user of Thoth, I would like to have machine-readable access to the results of the recommendation engine. To support this, I would like to access results and read metadata in each justification and stack info entry. An example can be a justification entry provided by the unit responsible for providing CVE information - it can state how fresh the data are. Then, each user of Thoth would have access to this information and would be able to read this information.

Acceptance criteria

[ ] Create the document with details and structure of the metadata details in the justification and stack info

harshad16 commented 2 years ago

/priority important-soon /triage accepted /sig stack-guidance

codificat commented 2 years ago

/kind feature

mayaCostantini commented 2 years ago

/assign

mayaCostantini commented 2 years ago

Here is a list of justifications metadata I could think of so far:

[x] Last CVE database update
[x] Prescriptions release
[x] Prescriptions repository

(Added in https://github.com/thoth-station/prescriptions-refresh-job/pull/155)

[x] Tags describing the type of each scorecard (what requirements of the analyzed project are checked)

(Added in https://github.com/thoth-station/prescriptions-refresh-job/pull/177)

[ ] Security Scorecards dataset version
[ ] Last prescriptions update
[ ] Advise ID
[ ] Timestamp of when advise was computed
[ ] Adviser version
[ ] Number of packages added / removed
[ ] Version changes
[ ] Justification counts

Do not hesitate if anything more could be added to this list.

mayaCostantini commented 2 years ago

cc @fridex @harshad16 @Gkrumbach07

Gkrumbach07 commented 2 years ago

Is there more data on security scorecards that could be returned as well? On the UI I have to search each justification for key words related to scorecards in order to properly display them. So a justification that contains the words "scorecard" and "fuzzing" match to the fuzzing scorecard data.

Also I believe scorecard data each get a rating of 0-10 to form an overall score. Can this also be returned?

mayaCostantini commented 2 years ago

We could return the scorecards information if it makes it easier to find justifications on the UI, but would this be considered metadata? My idea of scorecards metadata would be closer to the version of the scorecards dataset that was used for example.

Gkrumbach07 commented 2 years ago

I think you are right, it might not be metadata. Including the version in the metadata should be fine. Where would other data about scorecard go. Beyond just a message, link, and severity?

mayaCostantini commented 2 years ago

Do you mean where should it be returned for you to use it in the Search UI?

Gkrumbach07 commented 2 years ago

For that use case yes, but it would be helpful across other endpoints as well