Modify Gitlab Importer to support package-first mode #1910
Conversation
* Separate Gitlab API handling logic from vulntotal Gitlab datasource to utils file Signed-off-by: Michael Ehab Mikhail <[email protected]>
* Use the GitLab API utils from vulntotal to support package-first mode. Signed-off-by: Michael Ehab Mikhail <[email protected]>
michaelehab
moved this to In Progress
in GSoC 2025: On-demand live evaluation of packages and integration with VulnTotal @michaelehab
|
Make changes for this as well thanks! https://github.com/aboutcode-org/vulnerablecode/blob/main/vulnerabilities/pipelines/v2_importers/gitlab_importer.py |
|
@TG1999 I modified the V2 importer as well |
* Update Gitlab v2 importer to filter and process advisories relevant to the purl passed in the constructor Signed-off-by: Michael Ehab Mikhail <[email protected]>
michaelehab
force-pushed
the
1903-gitlab-importer-package-first
branch
from
a33f85b to
c56e940
Compare
Signed-off-by: Michael Ehab Mikhail <[email protected]>
Signed-off-by: Michael Ehab Mikhail <[email protected]>
| @@ -31,6 +32,9 @@ | |||
| from vulnerabilities.utils import build_description | |||
| from vulnerabilities.utils import get_advisory_url | |||
| from vulnerabilities.utils import get_cwe_id | |||
| from vulntotal.datasources.gitlab import get_casesensitive_slug | |||
There was a problem hiding this comment.
@keshav-space what do you think is it a good idea to import vulntotal functions in vcio ? Or shall we create separate functions here ?
There was a problem hiding this comment.
@michaelehab , also spdx license is missing in Gitlab vulntotal datasource. We need to have that before using it in our VCIO importers. https://github.com/aboutcode-org/vulnerablecode/blob/main/vulntotal/datasources/gitlab.py#L30
There was a problem hiding this comment.
what do you think is it a good idea to import vulntotal functions in vcio ?
We can import it from VulnTotal for now. Later on we can extract these out in common utility.
Solves #1903