Allow querying results for dependencies

[behnazh-w]

We need to improve querying results from the DB, JSON, and HTML reports for a dependency. For example if I want to know which dependencies have had provenances but failed l3 check, I have to check each dependency manually. The question is if we should improve the HTML report, or directly query the DB? Or would it make sense to add a SQL query CLI with some predefined queries?

[tromai]

Thanks for opening the issue. After thinking about it, here are some of the approaches I could think of and their pros/cons:

• If we want to improve the HTML report only: We need to put more information on the main report HTML and also provide some sort of "sorting" or "filtering" features so that the viewers could look through it. This is feasible as we only need to get the data from the dependency reports and dump it there.
• If we want to perform a query to the DB: we would want to use Javascript inside the HTML report to access the db. This could easily break if we decide to update the database schema. And I don't think having too much logic inside the HTML report would be a good idea.
• SQL query CLI with some predefined queries: This is straight forward for implementation but I don't think the users (who might not be technical people) would find it intuitive as they have to run the CLI separately.

So I think one of the main questions is that whether it makes sense to have this feature for viewing in the HTML report only or do we want to use it inside Macaron in the future.

[tromai]

I think with the improvement on data model and our SQLite database. We can now query dependencies information and write policies about the dependencies of a software component Do you think we should close this issue?

• #305