Caching for Remote Vulnerability Sources #51
digitalcoyote started this conversation in Ideas
Current plan is to have it record the results of remote vulnerability checks in a file the same way that NVD data is stored/retrieved. Any packages older than a certain limit are excluded if no remote vulnerability queries would be made without them.
Example:
OSS Index allows up to 128 packages in each call. If the project had 129 packages and only 1 was out of date in the cache, it would send up that 1 package along with the oldest 127 of the other packages. If rebuilt again, it would ignore OSS Index and use vulnerabilities from the cache.
Any requests on additional features for caching are welcome here or on Gitter.
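One way to read the batching rule in the post, as an added sketch that is not the project's own code: stale packages trigger a call, and spare slots in the last call are filled with the oldest still-fresh cache entries. The 24-hour limit, the cache layout (package id mapped to last-check time) and the function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

BATCH_LIMIT = 128               # OSS Index packages per call (from the post)
MAX_AGE = timedelta(hours=24)   # assumed freshness limit; the post names no value
NEVER = datetime.min.replace(tzinfo=timezone.utc)  # sorts before any real check


def plan_batches(packages, cache, now, max_age=MAX_AGE, limit=BATCH_LIMIT):
    """Return the package ids to send, one list per remote call.

    cache maps package id -> datetime of the last remote check (hypothetical
    layout). An empty result means the build is served from the cache alone.
    """
    def checked(pkg):
        return cache.get(pkg, NEVER)  # never-checked packages count as oldest

    stale = sorted((p for p in packages if now - checked(p) > max_age), key=checked)
    if not stale:
        return []  # nothing expired: no remote query at all
    batches = [stale[i:i + limit] for i in range(0, len(stale), limit)]
    # The last call has unused slots; spend them on the oldest fresh entries
    # so their timestamps are renewed without an extra request.
    spare = limit - len(batches[-1])
    fresh = sorted((p for p in packages if now - checked(p) <= max_age), key=checked)
    batches[-1].extend(fresh[:spare])
    return batches


def record_results(cache, batch, now):
    """Stamp every package in a completed call as checked at `now`."""
    for pkg in batch:
        cache[pkg] = now


if __name__ == "__main__":
    # Constructed sample: 129 packages, one checked two days ago, the rest
    # checked between 1 and 128 minutes ago.
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    pkgs = [f"example-pkg-{i}" for i in range(129)]
    cache = {p: now - timedelta(minutes=i) for i, p in enumerate(pkgs)}
    cache[pkgs[0]] = now - timedelta(days=2)
    first = plan_batches(pkgs, cache, now)
    print(len(first), "call,", len(first[0]), "packages")
    record_results(cache, first[0], now)
    print("calls on rebuild:", len(plan_batches(pkgs, cache, now)))
```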