tdruez
tdruez
I've extracted the `assemble_package` function in https://github.com/aboutcode-org/scancode.io/pull/1604 to help with the debugging. Also, a new test [test_scanpipe_pipes_scancode_assemble_package_function](https://github.com/aboutcode-org/scancode.io/blob/main/scanpipe/tests/pipes/test_scancode.py#L498) is available to help debugging the queries. For example, on that simple test,...
@TG1999 I've run some data collection using the previous and the new implementation (api v1). Fetching for 133485 Packages, using bulk_search, with 100 PURL entries per request, so about 1,334...
@chinyeungli The Truncated description is the expected behavior with XLSX outputs. From https://github.com/nexB/scancode.io/blob/main/scanpipe/pipes/output.py#L384 > - Truncate the "description" field to the first five lines. ``` if fieldname == "description": max_description_lines...
@pombredanne The new structure looks fine. I would suggest that we introduce a new endpoint for now instead of a full API v2. Also, the `vulnerabilities` should be a mapping...
I've noticed that the `weaknesses` data is available in the `/api/vulnerabilities/` details endpoint but not in the `packages` one. This is problematic for data collection through the API. Make sure...
@TG1999 @pombredanne In DejaCode, we need to fetch over 500,000 PURLs daily from VulnerableCode. For each, I need the list of affected_by_vulnerabilities and full details of each vulnerability. Can you...
> Also to be very clear: I want to avoid inlining package data under a vulnerability. e.g., we may not get counts and fixed or affected packages there ... but...
> Do we still use these parametes in DJCD for bulk search and do we need to support them in V2 ? Yes, both are used on the DejaCode side....
aboutcode.pipeline 0.1 published to PyPI at https://pypi.org/project/aboutcode.pipeline/
GET requests have some size limitation where POST do not. Both may be needed with the ability to use POST for large payloads.