-
Notifications
You must be signed in to change notification settings - Fork 203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
added openjdk-importer to pipeline #1635
base: main
Are you sure you want to change the base?
added openjdk-importer to pipeline #1635
Conversation
Signed-off-by: Alok Kumar Singh <[email protected]>
@keshav-space @pombredanne @ambuj-1211 |
Hi @harmonicfunc , When you add a importer pipeline you have to certainly make test_importer with some test data in the |
Signed-off-by: Alok Kumar Singh <[email protected]>
the logs for importer run are here: pls review the pr!! |
The progress logging looks weird:
769%? Do you know where this is from? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, what is this sqlite database about?
https://github.com/aboutcode-org/vulnerablecode/pull/1635/files#diff-3d798ffe81426b5380b70f58d315964762be217077134e5540fda5358ec9848c
This should not be committed
pipeline_id = "openjdk_importer" | ||
root_url = "https://openjdk.org/groups/vulnerability/advisories/" | ||
license_url = "https://openjdk.org/legal/" | ||
spdx_license_expression = "CC-BY-4.0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure this is the license? I cannot see anything on the legal page about this.
We should reach out to [email protected] to ask them about the license of thesei advisories and report here. Or ask at https://mail.openjdk.org/mailman/listinfo/vuln-announce ...
This may be under https://openjdk.org/legal/tou/terms and this may be problematic?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@seanjmullan @andreasst we are trying to integrate the OpenJDK advisories data in VulnerableCode.
- Would you know what is the license of the advisory data published at https://openjdk.org/groups/vulnerability/advisories/
- Is there a structured data format better suited for data integration than web page scraping that could be available somewhere?
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@seanjmullan @andreasst Sorry for the noise. I meant to tag someone in OpenJDK vulnerability group, not the security group! Would you know someone there who could help?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry for that, will make the changes didnt knew about that, i tried to search for the license but coudnt get it
yeah thats because i took the advisory count from the main page of url:https://openjdk.org/groups/vulnerability/advisories/ , but that might be wrong |
#1496
revision to previous openjdk-importer with new pr