Closed
Labels: Data Sources (Issues related to collection of security alerts), design decision needed (Feature request that requires discussion around designs), enhancement (New feature or request), help wanted (Extra attention is needed)
Description
🚀 Feature Request
Is your feature request related to a problem? Please describe.
In order to eventually support multiple data sources, we need to have some sort of normalized format that the sources can output. If we don't, this whole thing is never going to work well. I think we also need to have them all feed into the same single structure of data, so that we don't have to perform tricky merge operations later. I think.
Describe the solution you'd like
The best way to describe my thoughts is with a bit of pseudo-code.
```go
package querying

import "sync"

// ContactInfo is left open in the proposal; an email and a Slack channel ID
// are assumed here only so the struct compiles.
type ContactInfo struct {
	Email          string
	SlackChannelID string
}

type Team struct {
	Id          string      // I'm not sure how important this is, but it could be maybe a GitHub slug? I don't want to force us to be reliant on information from any single backend though.
	Name        string
	ContactInfo ContactInfo // Something like this to contain email, Slack channel ID, etc.
}

type Vulnerability struct {
	Sources     []string // Links to GitHub, AWS, CVE db, etc.
	Severity    string   // Probably an enum here for Critical, High, Moderate, Low
	Identifiers []string // CVE, CWE, GitHub vuln ID, etc
	Package     string
	Ecosystem   string // Probably another enum for npm, pip, rubygems, etc.
	// ... other attributes?
}

type Project struct {
	Name            string
	Owners          []*Team
	Vulnerabilities []*Vulnerability
}

// DataSource is what each backend would implement; the interface is assumed
// here, the proposal only shows the call.
type DataSource interface {
	QueryVulnerabilities(projects *[]Project, wg *sync.WaitGroup)
}

// ...
func Collect(dataSources []DataSource) []Project {
	var projects []Project
	var wg sync.WaitGroup
	for _, source := range dataSources {
		wg.Add(1)
		// Each source calls wg.Done() when finished. If sources append to
		// projects from their own goroutines, that access needs a mutex.
		source.QueryVulnerabilities(&projects, &wg)
	}
	wg.Wait()
	return projects
}
```

Describe alternatives you've considered
I'm not really sure what alternative we've got. Right now we're just not really normalizing and everything is very GitHub-centric.
Status: Done