Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Add a source to scores #1431

Merged
merged 2 commits into from
Sep 30, 2024
Merged

✨ Add a source to scores #1431

merged 2 commits into from
Sep 30, 2024

Conversation

czunker
Copy link
Contributor

@czunker czunker commented Sep 13, 2024

No description provided.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 13, 2024
edited
Loading

Test Results

  1 files   24 suites   18s ⏱️
403 tests 402 ✅ 1 💤 0 ❌
404 runs  403 ✅ 1 💤 0 ❌

Results for commit 36c80e4.

♻️ This comment has been updated with latest results.

@czunker czunker marked this pull request as ready for review September 18, 2024 10:50
chris-rock
chris-rock reviewed Sep 18, 2024
View reviewed changes
policy/cnspec_policy.proto Outdated
@@ -640,6 +640,9 @@ message Score {
int64 failure_time = 11;
// risk factors that were applied to this score
ScoredRiskFactors risk_factors = 12;
// Source of the score
// Currently, this only applies to vulnerability scores
string source = 13;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have questions:

  1. One score can have multiple sources. Eg. MVD can find a CVE and MS defender can find a CVE. Then what lands in the source
  2. I am not sure a simple string is enough. On GraphQL layer we need to return: source id, source title, source icon. How do we achieve that without storing all the data all the time. eg. we track a list of data sources per space and then refer ids?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recommend we do the following:

// Source is used to identify the source.
message Source {
  // Required. Name of the source
  string name = 1;
  // Optional. URL of the source
  string url = 2;
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the suggestion. I changed it accordingly.

@czunker czunker marked this pull request as draft September 30, 2024 05:35
@czunker
✨ Add a source to scores
77f3d47 
Signed-off-by: Christian Zunker <[email protected]>
@czunker czunker force-pushed the czunker/score_source branch from f31d8ec to 77f3d47 Compare September 30, 2024 11:50
@czunker czunker marked this pull request as ready for review September 30, 2024 12:23
chris-rock
chris-rock approved these changes Sep 30, 2024
View reviewed changes
Copy link
Member

@chris-rock chris-rock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @czunker

@chris-rock chris-rock merged commit 8c9d12a into main Sep 30, 2024
14 checks passed
@chris-rock chris-rock deleted the czunker/score_source branch September 30, 2024 16:57
@github-actions github-actions bot locked and limited conversation to collaborators Sep 30, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@chris-rock chris-rock chris-rock approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@czunker @chris-rock