[2pt] provide a document describing all the tags/categories #2328

Open
1 task
Tracked by #2180
harshad16 opened this issue Apr 25, 2022 · 10 comments
Assignees
Labels
kind/feature Categorizes issue or PR as related to a new feature. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/stack-guidance Categorizes an issue or PR as relevant to SIG Stack Guidance. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@harshad16
Member

harshad16 commented Apr 25, 2022

Descriptions:

As a user of Thoth, I would like to have machine-readable access to the results of the recommendation engine. To support this, I would like to access results and read metadata in each justification and stack info entry. An example can be a justification entry provided by the unit responsible for providing CVE information - it can state how fresh the data are. Then, each user of Thoth would have access to this information and would be able to read this information.

Acceptance criteria

  • Create the document with details and structure of the metadata details in the justification and stack info
@harshad16 harshad16 changed the title provide a document describing all the tags/categories [2pt] provide a document describing all the tags/categories Apr 25, 2022
@harshad16
Member Author

/priority important-soon
/triage accepted
/sig stack-guidance

@sesheta sesheta added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. triage/accepted Indicates an issue or PR is ready to be actively worked on. sig/stack-guidance Categorizes an issue or PR as relevant to SIG Stack Guidance. labels Apr 25, 2022
@codificat
Member

/kind feature

@sesheta sesheta added the kind/feature Categorizes issue or PR as related to a new feature. label May 2, 2022
@mayaCostantini
Contributor

/assign

@mayaCostantini
Contributor

mayaCostantini commented May 4, 2022

Here is a list of justifications metadata I could think of so far:

  • Last CVE database update
  • Prescriptions release
  • Prescriptions repository

(Added in thoth-station/prescriptions-refresh-job#155)

  • Tags describing the type of each scorecard (what requirements of the analyzed project are checked)

(Added in thoth-station/prescriptions-refresh-job#177)

  • Security Scorecards dataset version
  • Last prescriptions update
  • Advise ID
  • Timestamp of when advise was computed
  • Adviser version
  • Number of packages added / removed
  • Version changes
  • Justification counts

Do not hesitate if anything more could be added to this list.

@mayaCostantini
Contributor

cc @fridex @harshad16 @Gkrumbach07

@Gkrumbach07
Member

Is there more data on security scorecards that could be returned as well? On the UI I have to search each justification for keywords related to scorecards in order to properly display them. So a justification that contains the words "scorecard" and "fuzzing" is matched to the fuzzing scorecard data.

Also I believe scorecard data each get a rating of 0-10 to form an overall score. Can this also be returned?

@mayaCostantini
Contributor

We could return the scorecards information if it makes it easier to find justifications on the UI, but would this be considered metadata? My idea of scorecards metadata would be closer to the version of the scorecards dataset that was used for example.

@Gkrumbach07
Member

I think you are right, it might not be metadata. Including the version in the metadata should be fine. Where would other data about scorecards go, beyond just a message, link, and severity?

@mayaCostantini
Contributor

Do you mean where should it be returned for you to use it in the Search UI?

@Gkrumbach07
Member

For that use case, yes, but it would be helpful across other endpoints as well.

Projects
Status: 🆕 New
Development

No branches or pull requests

5 participants