Antonino Sabetta
I guess we should change the "else" here: https://github.com/SAP/project-kb/blob/prospector-assuremoss/prospector/git/version_to_tag.py#L124 to produce a BIG warning instead of trying hard to offer some matching -- the user should provide the mapping manually...
Currently the client proceeds silently if the backend is not reachable; however, it is easy for the user to overlook the corresponding message. To avoid confusion, the current default behaviour...
Additional variant (as a separate rule): the bug-tracking issue contains security-related keywords
Currently, the user can specify these keywords manually via the `--advisory-keywords` flag. The tool should extract them automatically, in addition to allowing the user to indicate them explicitly.
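A sketch of what the automatic extraction plus the "issue contains security-related keywords" rule could look like. This is an added example written for this page, not prospector's own code: the term vocabulary, the identifier regex and the two function names are assumptions, and the advisory and issue texts are constructed samples (the CVE id in them is a placeholder).

```python
import re
from typing import Iterable

# Hypothetical vocabulary of security-related terms (assumption: the real
# rule set may use a different or larger list).
SECURITY_TERMS = {
    "vulnerability", "exploit", "overflow", "injection", "xss", "csrf",
    "denial of service", "bypass", "disclosure", "traversal",
    "deserialization", "remote code execution", "rce", "privilege escalation",
}

# Identifiers that are strong keywords on their own (CVE, CWE, GHSA ids).
ID_PATTERN = re.compile(
    r"\b(CVE-\d{4}-\d{4,}|CWE-\d+|GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4})\b",
    re.IGNORECASE,
)


def _contains_term(text_lower: str, term: str) -> bool:
    # Whole-word match so that e.g. "xss" does not fire on "excess".
    return re.search(r"\b" + re.escape(term.lower()) + r"\b", text_lower) is not None


def extract_advisory_keywords(advisory_text: str, explicit: Iterable[str] = ()) -> set[str]:
    """Keywords extracted from the advisory, merged with any the user passed
    explicitly (the equivalent of the --advisory-keywords flag)."""
    lowered = advisory_text.lower()
    found = {term for term in SECURITY_TERMS if _contains_term(lowered, term)}
    # Normalise ids to upper case so the same id from two sources dedupes.
    found |= {m.upper() for m in ID_PATTERN.findall(advisory_text)}
    found |= {k.strip().lower() for k in explicit if k.strip()}
    return found


def issue_security_keywords(issue_text: str, keywords: set[str]) -> set[str]:
    """Rule: return the advisory keywords that occur in a bug-tracking issue.
    An empty set means the rule does not fire for this issue."""
    lowered = issue_text.lower()
    return {k for k in keywords if _contains_term(lowered, k)}


# Constructed sample advisory and issue texts (not real advisories).
SAMPLE_ADVISORY = (
    "CVE-2099-0001: a remote code execution (RCE) vulnerability in the JNDI "
    "lookup allows an attacker to run arbitrary code."
)
SAMPLE_ISSUE = "Fix JNDI lookup so untrusted input cannot trigger RCE. See CVE-2099-0001."
SAMPLE_UNRELATED_ISSUE = "Typo in the README badge URL."


def demo() -> tuple[set[str], set[str], set[str]]:
    kws = extract_advisory_keywords(SAMPLE_ADVISORY, explicit=["jndi"])
    return kws, issue_security_keywords(SAMPLE_ISSUE, kws), issue_security_keywords(SAMPLE_UNRELATED_ISSUE, kws)


if __name__ == "__main__":
    extracted, hits, no_hits = demo()
    print("advisory keywords:", sorted(extracted))
    print("issue hits:", sorted(hits))
    print("unrelated issue hits:", sorted(no_hits))
```

The explicit keywords are kept alongside the extracted ones rather than replacing them, which matches the wording of the request: automatic extraction in addition to what the user indicates.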
We could use spacy named entity recognition (NER) to have a more accurate extraction of relevant pieces of info, such as project name, version ids, etc...
It would be useful to grow our existing (small) gazetteer of product names so that we can improve our ability to automatically detect project names (and as a consequence, to...
See files:
- api/main.py
- docker/api/Dockerfile
- docker-compose.yml

This might also be relevant: https://philstories.medium.com/fastapi-logging-f6237b84ea64
If we could extract the name of the affected project from the advisory, we could then try to propose a repository URL to the user, without them specifying one. This can...
**Scenario** A statement s_1 and a statement s_2, from sources S_1 and S_2 respectively, are conflicting. With some policy (or via manual intervention) they are reconciled and the result is...