-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Design on disk storage structure for packages and vulnerabilties data #3
Comments
@pombredanne @TG1999 |
@ziadhany re:
sorry for the late reply, and we discussed it since: this is a hash |
@pombredanne yes, we discussed this , and I have updated the pull request #1206 to match the new file structure:
However, I'm still concerned about the performance of this script. I believe there's a more efficient method to detect updates on VulnerableCode. At the very least, we should aim to minimize the number of queries in this script. |
@ziadhany the performance of the script should now be fine with the updates I applied. There are a few thing that I would like to consider further:
Here are the latest counts as of today (Using some data from @edebill modulecount, Thank you Erik!)
npm is the largest ecosystem with ~3.5M package and about 16M package versions. We want to have about 4 to 5K packages data stored in anyone git repo. The purl hash function https://github.com/aboutcode-org/vulnerablecode/blob/e273c67e7b48e09337de00367cabd23ceb566604/aboutcode/hashid/__init__.py#L290C31-L290C41 could become aware of the ecosystem and produce different hashes for different ecosystem. It could also be aware of namespace and if need be, to split things for deb and rpm distros. So there could be three or four ecosystem tiers :
|
See the attached zip for a design discussed with @ziadhany and @TG1999
federatedcode-data-structure.zip
The approach would be to have separate trees/repos for package metadata and vulnerabilities metadata, and have a cross reference from packages to vulns in packages and the other way in vulnerabilities.
The file tree would be looking more or less this way:
The text was updated successfully, but these errors were encountered: