vulnera icon indicating copy to clipboard operation
vulnera copied to clipboard
verified publisher icon NodeSecure

Merging multiple strategies in one ?

Open fraxken opened this issue 3 years ago • 2 comments

Hello 👋,

One of the thing to explore is to merge multiple strategies in one to maybe get a better end results ?

Any ideas are welcome.

fraxken avatar Mar 05 '22 16:03 fraxken

Hi, it would be awesome to merge all available strategies. I'll probably try to take a look at a basic implementation of a merging feature.

Given that we managed to introduce a NodeSecure standard vulnerability format, we could try to fetch everything at once and aggregate the results of each strategy hydratation. Imo the biggest challenge is to keep a consistent version of all vulnerabilities without introducing duplicated dependencies. What are your thoughts about that?

antoine-coulon avatar Mar 10 '22 12:03 antoine-coulon

Still not sure what to do if we have two times the same CVE but with different criticity etc.. What do we pick then ? Like i feel at some point we have to say that some strategy have a higher priority for example.

Also they are not always working the same way.. merging probably mean being capable to abstract enough (could become dangerous with time and the addition of new strategies).

fraxken avatar Mar 18 '22 19:03 fraxken

Closing this issue, I think that idea is quite hard to execute and probably not briging much value

fraxken avatar Jul 07 '24 01:07 fraxken