A tool to monitor the status of vulnerability RA services
vuln-status --help
usage: vuln-status [-h] --service SERVICE --commit COMMIT [--git-access-token GIT_ACCESS_TOKEN]

Vulnerability RA Status

options:
  -h, --help            show this help message and exit
  --service SERVICE     Service to check. Must be one of:[athena-vuln-eval, athena-redis-cacheloader, athena-redis, vuln-cr-poller, vuln-gcr-poller, vuln-evaluator, vuln-scan-runner, vuln-scanner, vuln-cve-fixes-aggr]
  --commit COMMIT       commit id
  --github-access-token GITHUB_ACCESS_TOKEN
                        Github access token
This will check the status of the commit. The status will be printed to the console and will be one of:
- PRODUCTION: The commit is in production.
- PRE-PRODUCTION: The commit is in pre-production.
- SHADOW: The commit is in shadow.
- POST_MERGE: The commit is in post-merge.
- ON_MERGE: The commit is in on-merge.
- UNKNOWN: The commit is not in any of the above states.
The GitHub access token can be supplied in one of two ways:
- As an environment variable.
export GITHUB_ACCESS_TOKEN=<your_github_access_token>
- As a command line argument.
vuln-status --service athena-vuln-eval --commit 8057d85 --git-access-token <GITHUB_ACCESS_TOKEN>
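An added example, not the project's own code: one way a CLI with these options can validate `--service` and `--commit` and fall back to `GITHUB_ACCESS_TOKEN`, so the token does not have to appear on the command line, where it ends up in shell history and process listings. Accepting both token flag spellings shown on this page, the hex commit pattern, and all helper names are assumptions.

```python
import argparse
import os
import re

# Service names copied from the --help text on this page.
SERVICES = [
    "athena-vuln-eval", "athena-redis-cacheloader", "athena-redis",
    "vuln-cr-poller", "vuln-gcr-poller", "vuln-evaluator",
    "vuln-scan-runner", "vuln-scanner", "vuln-cve-fixes-aggr",
]
# Assumption: commit ids are 7-40 hex characters. Anything else, such as a
# value starting with "-", is rejected before it can reach a git command line.
COMMIT_RE = re.compile(r"[0-9a-fA-F]{7,40}")


def commit_id(value: str) -> str:
    """argparse type: accept only an abbreviated or full hex commit id."""
    if not COMMIT_RE.fullmatch(value):
        raise argparse.ArgumentTypeError(f"not a commit id: {value!r}")
    return value


def build_parser() -> argparse.ArgumentParser:
    """Parser mirroring the options in the help text (hypothetical rebuild)."""
    parser = argparse.ArgumentParser(prog="vuln-status")
    parser.add_argument("--service", required=True, choices=SERVICES)
    parser.add_argument("--commit", required=True, type=commit_id)
    # The page shows both spellings of the token flag; accepting both is an assumption.
    parser.add_argument("--github-access-token", "--git-access-token",
                        dest="token", default=None)
    return parser


def resolve_token(args: argparse.Namespace, env=None) -> str:
    """Use the flag if given, otherwise GITHUB_ACCESS_TOKEN from the environment."""
    env = os.environ if env is None else env
    token = args.token or env.get("GITHUB_ACCESS_TOKEN")
    if not token:
        raise SystemExit("no GitHub access token: set GITHUB_ACCESS_TOKEN")
    return token


def redact(token: str) -> str:
    """Form that is safe to log: at most the last four characters."""
    return "****" + token[-4:] if len(token) > 8 else "****"
```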
Requirements:
- Git
- GitHub access token with repo read access, see here.
- Python 3.10
The easiest way to get started is to use the Makefile.
make help
make setup
make lint
make test
First set up a Python virtual environment. This is important, as it stops your development environment's packages from clashing with your local Python.
# venv is part of the Python 3 standard library, so there is nothing to install with pip
# (on Debian/Ubuntu it is provided by the python3-venv system package)
# Create a virtual environment
python3 -m venv venv
# Activate your virtual environment
source venv/bin/activate
# Note to deactivate later use:
deactivate
Now when you use Python, it will point to the one in your virtual environment.
Python 3.10 is required.
python -m pip install -r requirements-dev.txt
python -m pip install . --force-reinstall
To ensure the project remains readable and maintainable, there are a number of "safety checks" in place that will prevent you from merging your code into the main codebase if they catch a problem.
The project enforces PEP 8 style guidelines through Flake8. This ensures code remains readable and in compliance with Python coding styles.
To run a linter check on your code with Flake8 run the following from the base directory:
flake8 --docstring-convention numpy vulnerability_ra_status
As Python is a dynamically-typed language, it is easy to introduce bugs around the expected input and output types. These bugs would only be found at runtime, and only if that line of code is executed, which can be problematic. To reduce this problem and minimize those types of bugs, the project enforces "Type Hinting" through MyPy. MyPy will scan the project and identify any discrepancies in the typing.
To run MyPy and validate type hinting on your code run the following from the base directory:
mypy vulnerability_ra_status
To ensure the tool is as usable as possible we write and execute unit tests across all packages of the project. Tests are written using PyTest. Any new code added must have some unit tests validating its functionality. This is enforced through code coverage tools to ensure a certain level of coverage is maintained.
To run tests, run the following:
pytest
To run code coverage with your test execution:
coverage run -m pytest
# Produce a html report for easy viewing and reading in your browser
coverage html
Service | pre-merge | on-merge | post-merge | shadow | pre-prod | production |
---|---|---|---|---|---|---|
Vulnerability | | | | | | |
vuln-eval | | | | | | |
athena-redis-db | | | | | | |
vuln-scanner | | | | | | |
vuln-cve-fixes-aggr | | | | | | |
vuln-cr-poller | | | | | | |
vuln-evaluator | | | | | | |

Project | prodn1 | prodn2 | prodn3 | euprodn1 | auprodn1 |
---|---|---|---|---|---|
athena-redis-db | | | | | |
vuln-scanner | | | | | |
vuln-cve-fixes-aggr | | | | | |
vuln-cr-poller | | | | | |
vuln-gcr-poller | | | | | |
vuln-evaluator | | | | | |