Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The minimum quality bar is sustainably enforced by OSV.dev #2188

Open
andrewpollock opened this issue May 9, 2024 · 2 comments
Open

The minimum quality bar is sustainably enforced by OSV.dev #2188

andrewpollock opened this issue May 9, 2024 · 2 comments
Assignees
@andrewpollock

Comments

@andrewpollock
Copy link
Contributor

Records below the quality bar are not imported into or exported by OSV.dev
@andrewpollock andrewpollock self-assigned this May 9, 2024
@evverx evverx mentioned this issue Jul 8, 2024
Merged
This was referenced Jul 28, 2024
Open
Open
@andrewpollock andrewpollock moved this from Todo to In Progress in OSV Data Quality Program Nov 7, 2024
@andrewpollock
Copy link
Contributor Author

#2582 and #2766 are the first parts of this work

andrewpollock added a commit to andrewpollock/osv.dev that referenced this issue Nov 7, 2024
@andrewpollock
feat(importer): prepare for selective strict mode enablement (staging)
4380cfc 
This commit explicitly sets strict mode on a per-repository basis. This
change is a no-op until the importer's `--strict_validation` flag is
also set to True, and it will then be a no-op for all sources other than
the `cve-osv` one where we can trial having it enabled.

Part of google#2188
@andrewpollock andrewpollock mentioned this issue Nov 7, 2024
Merged
andrewpollock added a commit that referenced this issue Nov 8, 2024
@andrewpollock
feat(importer): prepare for selective strict mode enablement (staging) (
d58c1f6 
#2837)

This commit explicitly sets strict mode on a per-repository basis. This
change is a no-op until the importer's `--strict_validation` flag is
also set to True, which will still then be a no-op for all sources other
than `cve-osv` where we can trial having it enabled.

Part of #2188
andrewpollock added a commit to andrewpollock/osv.dev that referenced this issue Nov 8, 2024
@andrewpollock
feat(importer): enable strict validation in staging
995f365 
This only impacts sources that have `strict_validation` enabled for
them, such as in google#2837

Part of google#2188
@andrewpollock andrewpollock mentioned this issue Nov 8, 2024
Merged
andrewpollock added a commit that referenced this issue Nov 13, 2024
@andrewpollock
feat(importer): enable strict validation in staging (#2841)
7ca2f49 
This only impacts sources that have `strict_validation` enabled for
them, such as in #2837

Part of #2188
andrewpollock added a commit to andrewpollock/osv.dev that referenced this issue Nov 26, 2024
@andrewpollock
chore(sources): explicitly set strict validation to false in Production
a7f2560 
This replicates staging's explicit per-source setting of strict
validation to false and harmonises a few unnecessary divergences that
have crept in between the two files.

Part of google#2191 and google#2188
andrewpollock added a commit to andrewpollock/osv.dev that referenced this issue Nov 26, 2024
@andrewpollock
chore(sources): explicitly set strict validation to false in Production
bc0ab2c 
This replicates staging's explicit per-source setting of strict
validation to false and harmonises a few unnecessary divergences that
have crept in between the two files.

Part of google#2191 and google#2188
@andrewpollock andrewpollock mentioned this issue Nov 26, 2024
Merged
andrewpollock added a commit that referenced this issue Nov 26, 2024
@andrewpollock
chore(sources): explicitly set strict validation to false in Producti…
005a71b 
…on (#2899)

This replicates staging's explicit per-source setting of strict
validation to false and harmonises a few unnecessary divergences that
have crept in between the two files.

Part of #2191 and #2188
@andrewpollock andrewpollock mentioned this issue Dec 1, 2024
Open
andrewpollock added a commit to andrewpollock/osv.dev that referenced this issue Dec 1, 2024
@andrewpollock
feat: pilot enabling strict mode on all JSON Schema compliant sources
c355aa3 
This enables strict mode in the OSV.dev staging environment for all
sources in staging that have been deemed already be publishing 100% OSV
JSON Schema compliant records already, with the notable exception of the
RustSec Advisory Database due to rustsec/advisory-db#2135

Part of google#2188
@andrewpollock andrewpollock mentioned this issue Dec 1, 2024
Merged
andrewpollock added a commit that referenced this issue Dec 2, 2024
@andrewpollock
feat: pilot enabling strict mode on all JSON Schema compliant sources (
da895ff 
…#2943)

This enables strict mode in the OSV.dev staging environment for all
sources in staging that have been deemed already be publishing 100% OSV
JSON Schema compliant records, with the notable exception of the RustSec
Advisory Database due to
rustsec/advisory-db#2135 and the inclusion of
PyPA despite pypa/advisory-database#217
(because of pypa/advisory-database#208)

Part of #2188
@andrewpollock
Copy link
Contributor Author

Status Update

Piloting JSON Schema compliance enforcement in Staging for all sources (except RustSec Advisory DB until rustsec/advisory-db#2135 gets addressed)

Next Steps

  • Assess effectiveness and enable for Production
  • Integrate OSV Linter with Importer

andrewpollock added a commit to andrewpollock/osv.dev that referenced this issue Dec 2, 2024
@andrewpollock
feat(worker): remove stale import findings for successful record
69d0bf6 
This adds functionality to the worker to clear any existing import
findings for a record that previously failed to import, but now does.
This avoids confusing historical findings existing for records that are
successfully importing now.

Part of google#2189 and google#2188
@andrewpollock andrewpollock mentioned this issue Dec 2, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewpollock andrewpollock

Labels
None yet
Projects
OSV Data Quality Program
Status: In Progress
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andrewpollock