hyades icon indicating copy to clipboard operation
hyades copied to clipboard
verified publisher icon DependencyTrack

Offer a CLI for interacting with the REST API and other related tasks

Open nscuro opened this issue 2 years ago • 2 comments

Functionality should include:

  • Interacting with REST API
    • List, view, create, update, delete
    • Upload BOMs
  • Quality gate functionality for CI
    1. Upload BOM
    2. Wait for Processing to complete
    3. Fetch findings and policy violations
    4. Evaluate against quality gate definition
  • Validating of vulnerability policies (#930)
    • JSON schema validation
    • Validation of CEL expressions
  • Testing vulnerability policies against provided inputs

Some high-level thoughts on implementation:

  • While other technologies like Go are way better suited for CLI use cases, using a different technology means we cannot share any code with the main codebase

nscuro avatar Dec 20 '23 13:12 nscuro

While other technologies like Go are way better suited for CLI use cases, using a different technology means we cannot share any code with the main codebase

Could you please share more details on this ?

VinodAnandan avatar Dec 20 '23 13:12 VinodAnandan

@VinodAnandan If we use the same technology for both API server and CLI, we have opportunities to share code among them. API models, validation, potentially CEL evaluation and more. If we use Java in the API server and Go in the CLI, we always have to keep the Go code in sync.

I'm not saying this is the definitive way forward, but it should be a well-thought out decision no matter which tech we end up using.

nscuro avatar Dec 20 '23 16:12 nscuro