
Deploy on public server

Open pombredanne opened this issue 5 years ago • 4 comments

  • [x] Decide on a DNS domain name and acquire name
  • [x] Provision server (Philippe), possibly with GCP credits at least for the initial DB creation
  • [ ] create deploy and backup scripts
  • [ ] deploy proper

pombredanne avatar Sep 10 '20 09:09 pombredanne

@edoardolanzini ping, FYI

pombredanne avatar Sep 29 '20 08:09 pombredanne

The temp domain for now would be https://vulnerablecode.aboutcode.org

sbs2001 avatar Feb 07 '21 09:02 sbs2001

@sbs2001 I registered for now vulnerabilitydb.org which is simple and generic

pombredanne avatar Jun 10 '21 09:06 pombredanne

and I provisioned a dedicated server

pombredanne avatar Jun 10 '21 09:06 pombredanne

This has been deployed (with a simple PW until final release 30.0.0 is tagged) at https://public.vulnerablecode.io/ 🎉

pombredanne avatar Sep 08 '22 22:09 pombredanne

This has been deployed (with a simple PW until final release 30.0.0 is tagged) at https://public.vulnerablecode.io/ 🎉

Meanwhile release 30.2.0 is tagged. Is there a way we could use the public instance in an ORT example pipeline without a password now, @pombredanne?

sschuberth avatar Nov 07 '22 12:11 sschuberth

@sschuberth there is a new release coming up and we added API doc and self registration for an API key. This may be released this week.

pombredanne avatar Nov 08 '22 07:11 pombredanne

self registration for an API key

Would you be OK with exposing an API key for ORT in a public example ORT pipeline that leverages VulnerableCode, @pombredanne?

sschuberth avatar Nov 08 '22 08:11 sschuberth

And this is now live at https://public.vulnerablecode.io/

pombredanne avatar Nov 08 '22 23:11 pombredanne

Would you be OK with exposing an API key for ORT in a public example ORT pipeline that leverages VulnerableCode,

Your call. An API key is like a password... and API calls should be throttled. Getting an API key should be easy enough.

pombredanne avatar Nov 08 '22 23:11 pombredanne

And this is now live at https://public.vulnerablecode.io/

This is what I get when requesting an API key:

image

sschuberth avatar Nov 09 '22 07:11 sschuberth

@sschuberth This is now fixed! Sorry for the noise!

pombredanne avatar Nov 09 '22 11:11 pombredanne

I've got my API key now, but unfortunately I'm getting "Authentication credentials were not provided." for any API call that I tried so far despite an "Authorization" header with my token being present.

sschuberth avatar Nov 09 '22 12:11 sschuberth

despite an "Authorization" header with my token being present.

Ah, the value of that header field needs to start with the literal word "Token" before the token's value!

Could you fix the cURL code generated at https://public.vulnerablecode.io/api/docs/ to include that?

sschuberth avatar Nov 09 '22 12:11 sschuberth

Let me reopen this issue. In the OpenAPI at https://public.vulnerablecode.io/api/docs/ if I click on Authorize, the popup states:

Available authorizations

tokenAuth (apiKey)

Token-based authentication with required prefix "Token"

Name: Authorization

In: header
Value:

Where do you think we could make this more obvious?

pombredanne avatar Nov 10 '22 12:11 pombredanne

Where do you think we could make this more obvious?

Ah, my fault. In this dialog

image

I was overlooking the 'with required prefix "Token"' part and just pasted the hex value. If the "Token " prefix is included here, it also shows up in the cURL command line snippets. All a bit error-prone because unusual IMO, but actually correctly documented.

So, thanks, I think we can close this again!

sschuberth avatar Nov 10 '22 12:11 sschuberth
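The header format worked out in the comments above, as an added example that is not part of the original thread or of VulnerableCode's own code: it turns a pasted key into the `Token <key>` value and reads the key from the environment so it stays out of a public pipeline file. The environment variable name, the `ENDPOINT` path placeholder and the hex-only key check are assumptions.

```python
import os
import re
import urllib.request

# Assumption: the key is a bare hex string, as it is described in the thread.
_HEX_KEY = re.compile(r"[0-9a-fA-F]+")


def auth_header_value(pasted: str) -> str:
    """Return 'Token <key>' from a bare key or an already-prefixed value."""
    parts = pasted.strip().split()
    if len(parts) == 2 and parts[0].lower() == "token":
        key = parts[1]
    elif len(parts) == 1:
        key = parts[0]  # bare hex value: the paste mistake made in the thread
    else:
        raise ValueError("expected '<key>' or 'Token <key>'")
    if not _HEX_KEY.fullmatch(key):
        raise ValueError("API key is not a hex string")
    return f"Token {key}"


def build_request(url: str, env_var: str = "VULNERABLECODE_API_KEY") -> urllib.request.Request:
    """Build (but do not send) a GET request with the key taken from the environment."""
    pasted = os.environ.get(env_var)  # env_var name is hypothetical
    if not pasted:
        raise RuntimeError(f"{env_var} is not set")
    return urllib.request.Request(url, headers={"Authorization": auth_header_value(pasted)})


def redacted(req: urllib.request.Request) -> str:
    """Header value that is safe to log: the scheme plus the last four characters."""
    scheme, key = req.get_header("Authorization").split()
    return f"{scheme} ...{key[-4:]}"


if __name__ == "__main__":
    # Constructed sample key, not a real credential.
    os.environ.setdefault("VULNERABLECODE_API_KEY", "0123abcd" * 5)
    # ENDPOINT is a placeholder path; nothing is sent over the network.
    req = build_request("https://public.vulnerablecode.io/api/ENDPOINT/")
    print(redacted(req))
```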

Thanks @sschuberth, closing this!

TG1999 avatar Dec 07 '22 11:12 TG1999