curium-rocks / mitre-siphon Goto Github PK

use the output of the gradle javadoc task to push the html pages to something like readthedocs to include documentation as part of the CI chain.

Evaluate options for simple load balancer/ingress that can bind to 80 and 443 and round robin to multiple mitre-siphon containers. Traefik is likely a good option, once selected update docker-compose files and helm templates if helm is present at time of merge.

Projects needs CI definition that tests, builds and distributes the application to docker hub

Project needs a readme that instructs on how to build and run the application

Add a helm chart for deploying into a kubernetes cluster.

Should use sub charts for kafka and postgresql.

kafka and postgresql should use PVCs, may need to include a host path storage provisioner.

The current resource allocations do not always provide enough resources to enter a ready state within the startup probe time, either increase resources or probe thresholds.

tsvector PostgreSQL functionality is used for search matches, further evaluation should be done around

• Fuzzy matching from tri-grams
• Sorting

When searching with a search term that has multiple words (in a single term) the API returns a 500. Either handle this or reject with 400.

Setup DB Schema. Should handle the following

• Use JPA and Hibernate DAOs
• Have separate DTOs from DAOs used on REST API
• Handle seeding initial database state

As a developer I want a environment that gets updated when the main branch is updated and is continuously running to shake out any issues that don't show up in smoke tests. I do not want to allow a direct connection from a GitHub runner to this environment.

For a reason my plugin has changed the id to jsonschema2dataclass and has way better gradle support. Could you please apply new plugin?

Configure authentication for API. Leverage something simple to start with such as http basic or digest.

Credentials should be configurable.

Add unit test code coverage badge

Recommendations

Last analysis: May 07 | Next scheduled analysis: May 14

Open

✅ Nice work, you're all caught up!

Available

✅ Nothing yet, but I'm continuing to monitor your PRs.

Metrics

What would you like to see here? Let us know!

Resources

📚 Quick links
Pixee Docs | Codemodder by Pixee

🧰 Tools I work with
Sonar, CodeQL, Semgrep

🚀 Pixee CLI
The power of my codemods in your local development environment. Learn more

💬 Reach out
Feedback | Support

❤️ Follow, share, and engage with Pixee: GitHub | LinkedIn | Slack

Randomly generate any secrets needed for service connections at install time instead of using secrets in values.

Mitre is deprecating the JSON apis.

https://medium.com/@cve_program/legacy-cve-download-formats-will-be-phased-out-beginning-january-1-2024-13de552c9029

Evaluate options.

The top level readme does not currently include instructions on how to install via helm, add and cleanup any dated info.

Remove CI GitHub env object.

Tests currently rely on postgres hostname, this should be adjusted to automatically use spring active profiles to swap out properties when running in CI environment and change the default profile hostname for postgres back to localhost

Setup scaffolding for application

This includes:

• Gradle build
• Docker build (ability to spit out container and run it and get a primitive interface)
• UI Build
• docker-compose files for spinning up dependencies
• Test runners

Needs to occur before attaching CI actions

As a developer I would like to clean up smells identified by sonar and keep a clean score card: https://sonarcloud.io/project/issues?resolved=false&types=CODE_SMELL&id=curium-rocks_mitre-siphon

After getting things cleaned up and updated this exception is now being thrown in NVD job.

2022-12-11T21:16:59.514Z ERROR 1 --- [eduler_Worker-1] org.quartz.core.ErrorLogger              : Job (DEFAULT.NVDCVEComplete threw an exception.

org.quartz.SchedulerException: Job threw an unhandled exception.
	at org.quartz.core.JobRunShell.run(JobRunShell.java:213) ~[quartz-2.3.2.jar!/:na]
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) ~[quartz-2.3.2.jar!/:na]
Caused by: java.lang.NullPointerException: Cannot invoke "javax.persistence.EntityManager.unwrap(java.lang.Class)" because "this.entityManager" is null

Add automatic push of container build to docker hub. Use git hub actions to accomplish this.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Currently leveraging latest version in a few places instead of pinning versions. Ideally should move versions out to a variable and define once.

Add background task that executes at set intervals and size regardless of replica count and scrapes mitre cve information.

Background task should:

• be stateless to execute on any active container.
• push capture data into kafka to allow for resilient and distributed processing

Api does not have a versioning mechanism, IE api/v1/ api/v2.

Add an actor on the kafka mitre CVE data topic that normalizes the mitre CVE data and persists it into the service data store.

It should be:

• stateless except that it activates a kafka subscription and saves data into the data store
• operate in a high level consumer group fashion to distribute the load across container instances.

After getting everything cleaned up/updated the swagger UI page is throwing a 404 error when bringing up /swagger-ui.html when running in kubernetes.

Create a simple UI that displays the data available on the REST api

Expose mitre cvedata over a REST API

API should be:

• protected via authentication
• follow REST principals