feat: VEX document support #93
Conversation
Signed-off-by: Ilona Shishov <[email protected]>
Signed-off-by: Ilona Shishov <[email protected]>
zvigrinberg
left a comment
zvigrinberg
left a comment
There was a problem hiding this comment.
Hi @IlonaShishov Very good job!.
I Have few minor comments, PTAL.
Thanks!
| List<Document> outputDocs = objectMapper.readValue(report.get("output").toPrettyString(), | ||
| new TypeReference<List<Document>>() { | ||
| Document outputDoc = objectMapper.readValue(report.get("output").toPrettyString(), | ||
| new TypeReference<Document>() { |
There was a problem hiding this comment.
@IlonaShishov TypeReference is usually for deserializing json arrays of objects into Collections that contains POJOs, In that case, you can use POJO Document.class directly for de-serialization.
| quarkus.rest-client.morpheus.url=https://agent-morpheus:8080/generate | ||
| %dev.quarkus.rest-client.morpheus.url=http://localhost:26466/generate | ||
| quarkus.rest-client.component-syncer.url=http://job-sink.knative-eventing.svc.cluster.local/exploit-iq-nat/component-syncer | ||
| quarkus.rest-client.component-syncer.url=http://job-sink.knative-eventing.svc.cluster.local/${NAMESPACE}/component-syncer |
There was a problem hiding this comment.
Good catch @IlonaShishov , putting it as exploit-iq-nat by default is not flexible and requires manual update in config all the time.
The best way and easiest way to address this is using Downward API ( how we currently do it in the main deployment located in the vulnerability-analysis repo. in the client deployment there).
Can you please take it from here:
And copy it to here for the sake of good order:
This PR introduces vex generation support.
Including changes to support new output schema containing vex document.
Displays and provide a download option for the generated VEX document.