PoC: Knowledge Base #365

Open
Jeeppler opened this issue Sep 14, 2020 · 1 comment
@Jeeppler
Member

Create a proof of concept of a knowledge base implementation. The knowledge base will be used to add links to articles to the SecHub report. The objective is to help developers to better understand the findings in the SecHub report.

sechubreportitem

Fundamental Concept

The knowledge base is based on two major components: resources and taxonomies.

data_model

Each taxonomy consists of taxa. In theory, one could link each taxon directly with a resource. However, resources can be written with a specific programming language in mind; therefore, it is beneficial to link each taxon first to the programming language and from there to the actual resource. A default element all is used to link to content which is written with no specific programming language in mind. In both cases, the taxon is linked with resources. Each resource has several metadata attributes associated with it:

  • URL
  • human language (ISO 639, e.g. ISO 639-1)
  • title
  • last visited?
  • hash of content?

Attributes such as the human language the content is written in can help to filter resources.

Simplified

The knowledge base is a curated list of links connected to a taxonomy. It is assumed that the report of the scanner contains a reference to a taxonomy and can therefore be linked to the knowledge base.

Advantages

  • The SecHub user can have more resources in the report.
  • The knowledge base data model is flexible.
  • Resources can be filtered by attributes. For example, the language.
  • All SecHub users can improve the knowledge base.
  • Scanners which use their own taxonomy can be supported.
  • The knowledge base is curated and therefore a certain level of quality can be ensured.

Problems

  • There could be too many resources in the knowledge base. As a result the knowledge base can become difficult to maintain.
  • Review of content in foreign languages is difficult.
  • Moving or disappearing links can be a problem. An issue known as link rot.
  • Content of linked external web pages could change.
  • Users might find the resources difficult to understand.
  • Users might reject the knowledge base, because it does not solve their specific finding problem.

Jeremias Eppler jeremias.eppler@daimler.com, Daimler TSS GmbH, imprint

@Jeeppler Jeeppler self-assigned this Sep 14, 2020
@Jeeppler Jeeppler added enhancement New feature or request report labels Sep 14, 2020
@Jeeppler
Member Author

  • The link rot problem can be solved by linking to the web archive.
  • An automatic crawler could be used to see if content has changed, moved or disappeared.
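
The data model described in this issue (taxonomy, taxon, programming language, resource, with the `all` default) and the content-change check proposed in the comment above, as an added Python example that is not SecHub code. The CWE taxonomy, the example.org URLs, the function names, returning language-specific resources before the generic ones, and SHA-256 as the content hash are assumptions; the sample data is constructed.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Resource:
    url: str
    human_language: str     # ISO 639-1 code, e.g. "en"
    title: str
    content_hash: str = ""  # SHA-256 hex digest taken when the link was curated (assumed)


# taxonomy -> taxon -> programming language -> resources (constructed sample data)
KNOWLEDGE_BASE = {
    "CWE": {
        "89": {
            "all": [Resource("https://example.org/sqli-overview", "en",
                             "SQL injection overview")],
            "java": [
                Resource("https://example.org/java-prepared-statements", "en",
                         "Prepared statements in Java"),
                Resource("https://example.org/java-sqli-de", "de",
                         "SQL-Injection in Java vermeiden"),
            ],
        },
    },
}


def lookup(kb, taxonomy, taxon, programming_language="all", human_language=None):
    """Return resources for a finding: language-specific first, then the "all" default."""
    by_language = kb.get(taxonomy, {}).get(taxon, {})
    found = []
    # dict.fromkeys keeps order and avoids reading "all" twice when it is requested directly
    for key in dict.fromkeys([programming_language.lower(), "all"]):
        found.extend(by_language.get(key, []))
    if human_language is not None:
        found = [r for r in found if r.human_language == human_language]
    return found


def content_changed(resource, fetched_body: bytes) -> bool:
    """True when a crawled page body no longer matches the hash stored at curation time."""
    return hashlib.sha256(fetched_body).hexdigest() != resource.content_hash
```

A finding whose taxon is unknown yields an empty list, so the report can omit the link section instead of failing.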
