fosstars-rating-core icon indicating copy to clipboard operation
fosstars-rating-core copied to clipboard

Published 20 hours ago verified publisher icon SAP

Interactive data providers should not depend on its order

Open artem-smotrakov opened this issue 4 years ago • 0 comments

Currently there are two interactive data providers:

  • AskAboutSecurityTeam
  • AskAboutUnpatchedVulnerabilities

In the SingleSecurityRatingCalculator class, they have to be added to the end of the list of data providers:

List<DataProvider<GitHubProject>> dataProviders() throws IOException {
    return Arrays.asList(
        new NumberOfCommits(github),
        new NumberOfContributors(github),
        new NumberOfStars(github),
        new NumberOfWatchers(github),
        new ProjectStarted(github),
        new HasSecurityTeam(github),
        new HasCompanySupport(github),
        new HasSecurityPolicy(github),
        new SecurityReviewForProject(github),
        new InfoAboutVulnerabilities(github),
        new IsApache(github),
        new IsEclipse(github),
        new LgtmDataProvider(github),
        new UsesSignedCommits(github),
        new ScansForVulnerableDependencies(github),
        new AskAboutSecurityTeam<>(),
        new AskAboutUnpatchedVulnerabilities<>()
    );
  }

But they should not depend on the order. Furthermore, it may be better to combine AskAboutSecurityTeam and HasSecurityTeam providers in a single composite provider (like ScansForVulnerableDependencies). Also, AskAboutUnpatchedVulnerabilities may be added to InfoAboutVulnerabilities.

artem-smotrakov avatar Apr 22 '20 07:04 artem-smotrakov