FLOP:CPE tagger

From Funtoo
Revision as of 09:18, December 6, 2020 by Mrl5 (talk | contribs)
Jump to navigation Jump to search
Created on
2020/04/15
Original Author(s)
mrl5
Git sources (for cloning)
Link
Status

Funtoo Linux Optimization Proposal: CPE tagger

lets tag the ebuilds with NIST NVD CPE so that https://www.funtoo.org/FLOP:CVE_Monitoring is more reliable

By introducing Plugin Oriented Programming we can create a plugin which tags funtoo meta-repo ebuilds with CPE tag. By using proper design, this can be integrated with https://code.funtoo.org/bitbucket/users/drobbins/repos/funtoo-metatools/browse

Steps:

1. Create a JSON representation of meta-repo: https://code.funtoo.org/bitbucket/users/mrl5/repos/metarepo-to-json/browse

   1.1. Store it as JSON files: https://github.com/mrl5/metarepo-cpe-tag/issues/1
   1.2. Store it in mongodb: https://github.com/mrl5/metarepo-cpe-tag/issues/2

2. Create a reliable CPE tagger:

   2.1. https://github.com/mrl5/metarepo-cpe-tag/issues/5
   2.2. https://github.com/mrl5/metarepo-cpe-tag/issues/6

3. Handle updates:

   3.1. https://github.com/mrl5/metarepo-cpe-tag/issues/3
   3.2. https://github.com/mrl5/metarepo-cpe-tag/issues/4

Issue tracker:

- https://github.com/mrl5/metarepo-cpe-tag/issues

Related FLOPs:

- https://www.funtoo.org/FLOP:CVE_Monitoring