As part of #260, we want to make it possible to discover more insights into our dependency tree, which allows us to make further analyses around how healthy the dependency may be.

This introduces a new table, `dependency_health`, which contains fields of relevance, and will be expanded upon in the future.

This also introduces the ability to sync the data, via Ecosyste.ms and OpenSSF Security Scorecards, using a new subcommand `dmd db generate dependency-health`.

We can rely on Ecosyste.ms as the primary source of data, using pURL lookups to (hopefully) simplify the translation between package names.

Ecosyste.ms exposes an OpenAPI spec we can auto-generate our client for, and as we only need a single operation in the API, we can use the new `include-operation-ids` configuration to tune the resulting output.

Closes #260.
0d842053