
[2pt] provide a document describing all the tags/categories

Open harshad16 opened this issue 2 years ago • 10 comments

Descriptions:

As a user of Thoth, I would like to have machine-readable access to the results of the recommendation engine. To support this, I would like to access results and read metadata in each justification and stack info entry. An example can be a justification entry provided by the unit responsible for providing CVE information - it can state how fresh the data are. Then, each user of Thoth would have access to this information and would be able to read this information.

Acceptance criteria

  • [ ] Create the document with details and structure of the metadata details in the justification and stack info

harshad16 avatar Apr 25 '22 13:04 harshad16

/priority important-soon /triage accepted /sig stack-guidance

harshad16 avatar Apr 25 '22 13:04 harshad16

/kind feature

codificat avatar May 02 '22 12:05 codificat

/assign

mayaCostantini avatar May 04 '22 09:05 mayaCostantini

Here is a list of justifications metadata I could think of so far:

  • [x] Last CVE database update
  • [x] Prescriptions release
  • [x] Prescriptions repository

(Added in https://github.com/thoth-station/prescriptions-refresh-job/pull/155)

  • [x] Tags describing the type of each scorecard (what requirements of the analyzed project are checked)

(Added in https://github.com/thoth-station/prescriptions-refresh-job/pull/177)

  • [ ] Security Scorecards dataset version
  • [ ] Last prescriptions update
  • [ ] Advise ID
  • [ ] Timestamp of when advise was computed
  • [ ] Adviser version
  • [ ] Number of packages added / removed
  • [ ] Version changes
  • [ ] Justification counts

Do not hesitate if anything more could be added to this list.

mayaCostantini avatar May 04 '22 13:05 mayaCostantini

cc @fridex @harshad16 @Gkrumbach07

mayaCostantini avatar May 04 '22 14:05 mayaCostantini

Is there more data on security scorecards that could be returned as well? On the UI I have to search each justification for keywords related to scorecards in order to properly display them. So a justification that contains the words "scorecard" and "fuzzing" matches the fuzzing scorecard data.

Also I believe scorecard data each get a rating of 0-10 to form an overall score. Can this also be returned?

Gkrumbach07 avatar May 04 '22 14:05 Gkrumbach07

We could return the scorecards information if it makes it easier to find justifications on the UI, but would this be considered metadata? My idea of scorecards metadata would be closer to the version of the scorecards dataset that was used for example.

mayaCostantini avatar May 04 '22 14:05 mayaCostantini

I think you are right, it might not be metadata. Including the version in the metadata should be fine. Where would other data about scorecards go, beyond just a message, link, and severity?

Gkrumbach07 avatar May 04 '22 18:05 Gkrumbach07

Do you mean where should it be returned for you to use it in the Search UI?

mayaCostantini avatar May 04 '22 20:05 mayaCostantini

For that use case, yes, but it would be helpful across other endpoints as well.

Gkrumbach07 avatar May 05 '22 13:05 Gkrumbach07