Search REST via Purl #2089
I think it would be better from a usability point of view (assuming the initial way people interact with this will be manually creating the search with curl or in a browser) to have something like
@funnelfiasco thank you for your input! I think this is a great idea! I never thought about passing all of the flags as a single query parameter. So, now our endpoint will look similar to:
Signed-off-by: nathannaveen <[email protected]>
Description of the PR
This is the start of work on [feature] Add ability to fetch info related to a purl and similar identifiers in the REST api as well as aggregations on subsets of the identifiers #1734
"vulns" or "dependencies".
Here are some design decisions:
The purl or artifact is passed in via the path (i.e. http://localhost:8081/v1/package/pkg%3Agolang%2Ftest-namespace-1%2Ftest-name-1), while the queries like vulns or dependencies are being passed in as parameters (i.e. http://localhost:8081/v1/package/pkg%3Agolang%2Ftest-namespace-1%2Ftest-name-1?vulns=true)
The purl or digest is passed in via the path along with the queries. For example v1/package/pkg%3Agolang%2Ftest-namespace-1%2Ftest-name-1/vulns or v1/package/pkg%3Agolang%2Ftest-namespace-1%2Ftest-name-1/dependencies.
If the latestSbom parameter is passed in, then when doing the vulnerability and dependency queries the code will only search for them in the latest SBOM.
The latestSbom will be added in another PR.
PR Checklist
-s flag to git commit.
make generate has been run
make generate has been run
make generate has been run
collectsub protobuf has been changed, make proto has been run
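The path layout in the description above (percent-encoded purl as one segment, then `vulns` or `dependencies`) only parses unambiguously if the server splits the path before decoding it. The sketch below is an added example, not code from this PR or from the project: `ParsePath` and `packagePrefix` are hypothetical names, and it assumes the handler passes in the still-encoded path (in `net/http`, `r.URL.EscapedPath()` rather than `r.URL.Path`).

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// packagePrefix mirrors the route in the PR description (hypothetical constant name).
const packagePrefix = "/v1/package/"

// ParsePath takes the still-escaped request path and returns the decoded purl
// and the query kind. Splitting happens before decoding, so the %2F inside the
// purl can never be mistaken for a segment separator.
func ParsePath(escapedPath string) (purl, kind string, err error) {
	if !strings.HasPrefix(escapedPath, packagePrefix) {
		return "", "", errors.New("not a package route")
	}
	segs := strings.Split(strings.TrimPrefix(escapedPath, packagePrefix), "/")
	if len(segs) != 2 {
		// A proxy or router that decoded %2F early lands here.
		return "", "", errors.New("expected <encoded purl>/<query>")
	}
	if segs[1] != "vulns" && segs[1] != "dependencies" {
		return "", "", fmt.Errorf("unsupported query %q", segs[1])
	}
	purl, err = url.PathUnescape(segs[0])
	if err != nil {
		return "", "", err // malformed percent-encoding
	}
	if !strings.HasPrefix(purl, "pkg:") {
		return "", "", errors.New("identifier is not a purl")
	}
	return purl, segs[1], nil
}

func main() {
	// Sample paths: the first is the one from the PR description, the second
	// is a constructed copy that something upstream has already decoded.
	for _, p := range []string{
		"/v1/package/pkg%3Agolang%2Ftest-namespace-1%2Ftest-name-1/vulns",
		"/v1/package/pkg:golang/test-namespace-1/test-name-1/vulns",
	} {
		purl, kind, err := ParsePath(p)
		fmt.Printf("%s\n  purl=%q kind=%q err=%v\n", p, purl, kind, err)
	}
}
```

Rejecting the pre-decoded form instead of guessing where the purl ends keeps a purl that contains `/vulns` or `..` from being read as a different route.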