Skip to content

Add Live Evaluation API endpoint and PyPa live pipeline importer #1969

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Add Live Evaluation API endpoint and PyPa live pipeline importer #1969

wants to merge 11 commits into from

Conversation

michaelehab
Copy link
Collaborator

@michaelehab michaelehab commented Jul 25, 2025
edited
Loading

Solves #1953 and #1902

  • Add PyPa live pipeline importer to fetch advisories affecting a single PURL
  • Add tests for PyPa live importer to test different scenarios and mock the GitHub API
  • Add a new API endpoint to run live evaluation importers
  • Add tests for the live evaluation API endpoint
image image

@michaelehab
Add PyPa live importer #1953
bd5c1f2 
* Add PyPa live pipeline importer to fetch advisories affecting a single PURL

* Add tests for PyPa live importer

Signed-off-by: Michael Ehab Mikhail <[email protected]>
@michaelehab
Add Live Evaluation API endpoint #1902
d1a7cc1 
* Add a new API endpoint to run live evaluation importers

* Add tests for the live evaluation API endpoint

Signed-off-by: Michael Ehab Mikhail <[email protected]>
@michaelehab
Merge branch 'main' into 1953-pypa-importer-package-first
7a34791
@michaelehab michaelehab changed the title Add PyPa live pipeline importer Add Live Evaluation API endpoint and PyPa live pipeline importer Jul 30, 2025
@michaelehab michaelehab requested a review from TG1999 July 30, 2025 13:00
michaelehab added a commit that referenced this pull request Aug 18, 2025
@michaelehab
Add GitHub OSV Live V2 Importer Pipeline #1904
c2e47ca 
* Add GitHub OSV Live V2 Importer

* Add tests for the GitHub OSV Live V2 Importer

* Tested functionally using the Live Evaluation API in #1969

Signed-off-by: Michael Ehab Mikhail <[email protected]>
@michaelehab michaelehab mentioned this pull request Aug 18, 2025
Open
michaelehab added a commit that referenced this pull request Aug 18, 2025
@michaelehab
Add Curl Live V2 Importer Pipeline #1918
5c8f008 
* Add Curl Live V2 Importer

* Add tests for the Curl Live V2 Importer

* Tested functionally using the Live Evaluation API in #1969

Signed-off-by: Michael Ehab Mikhail <[email protected]>
michaelehab added a commit that referenced this pull request Aug 18, 2025
@michaelehab
Add Gitlab Live V2 Importer Pipeline #1903
79429df 
* Add Gitlab Live V2 Importer

* Add tests for the Gitlab Live V2 Importer

* Tested functionally using the Live Evaluation API in #1969

Signed-off-by: Michael Ehab Mikhail <[email protected]>
michaelehab added a commit that referenced this pull request Aug 18, 2025
@michaelehab
Add NPM Live V2 Importer Pipeline #1936
d803c6a 
* Add NPM Live V2 Importer

* Add tests for the NPM Live V2 Importer

* Tested functionally using the Live Evaluation API in #1969

Signed-off-by: Michael Ehab Mikhail <[email protected]>
michaelehab added a commit that referenced this pull request Aug 21, 2025
@michaelehab
Add Elixir Security Live V2 Importer Pipeline #1933
e6152cf 
* Add Elixir Security Live V2 Importer

* Add tests for the Elixir Security Live V2 Importer

* Tested functionally using the Live Evaluation API in #1969

Signed-off-by: Michael Ehab Mikhail <[email protected]>
michaelehab added a commit that referenced this pull request Aug 21, 2025
@michaelehab
Add Postgres Live V2 Importer Pipeline #1980
3f17fca 
* Add Postgres Live V2 Importer

* Add tests for the Postgres Live V2 Importer

* Tested functionally using the Live Evaluation API in #1969

Signed-off-by: Michael Ehab Mikhail <[email protected]>
@michaelehab michaelehab mentioned this pull request Aug 21, 2025
Open
michaelehab added a commit that referenced this pull request Aug 21, 2025
@michaelehab
Add PySec Live V2 Importer Pipeline #1981
f88c543 
* Add PySec Live V2 Importer

* Add tests for the PySec Live V2 Importer

* Tested functionally using the Live Evaluation API in #1969

Signed-off-by: Michael Ehab Mikhail <[email protected]>
This was referenced Aug 21, 2025
Open
Open
@michaelehab
Change Live Evaluation API to use RQ #1953
ba3b3c1 
Signed-off-by: Michael Ehab Mikhail <[email protected]>
@michaelehab
Copy link
Collaborator Author

@keshav-space @TG1999 I worked on modifying the Live Evaluation API based on recent discussions. Currently, the live evaluation API enqueues jobs to the "live" rq, when we have workers listening to it, the live evaluation becomes async.
image
I also added a LivePipelineRun model to help group live pipeline runs for a given live evaluation submission. We return the live run id in the live evaluation API and the user can use this live run id to check the current state of the given live evaluation request, seeing even details about which live importers ran and their current state.
image

keshav-space
keshav-space requested changes Sep 2, 2025
View reviewed changes
Copy link
Member

@keshav-space keshav-space left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @michaelehab , see a few suggestions. Also this needs an update in our docker compose for new live evaluation worker.

@michaelehab
Address PR Review Comments #1953
54a7d8b 
Signed-off-by: Michael Ehab Mikhail <[email protected]>
@michaelehab
Fix Live Evaluation API tests #1953
5d4312b 
Signed-off-by: Michael Ehab Mikhail <[email protected]>
@michaelehab
Fix Live Evaluation API tests #1953
15868de 
Signed-off-by: Michael Ehab Mikhail <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keshav-space keshav-space keshav-space requested changes

@TG1999 TG1999 Awaiting requested review from TG1999

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@michaelehab @keshav-space