Enhancement request: API access to status for both SBOM import and package scans #273

Open
@ghsa-retrieval

Description

Is your enhancement request related to a problem? Please describe.
When integrating DejaCode in CI pipelines it is currently unclear when you can start retrieving data from it, since there is no indicator whether scans have already concluded or if some are still running or only scheduled. Retrieving data right away won't work as the scan needs some time, but it is unclear ahead of time how much that will be.

It would be helpful if there is any API that would allow to query the status of SBOM imports for projects and for scans of packages.

What are the benefits of the requested enhancement?
Scripts in CI pipelines can check if the SBOM import and package scans have completed and only then try to check on the product's status and e.g. try to retrieve the scan results of ScanCode.io (see #272 for the related enhancement request).

Describe the solution you would like

  • An API endpoint to check the import status of a product
    • Should probably return entries for all imports that have happened
    • The following should be discernible: Import scheduled, import in progress, import completed (whether successful or otherwise)
  • An API endpoint to check the scan status of a package
    • The following should be discernible: No scan scheduled, scan scheduled, scan in progress, scan completed (and scan results available)
  • (Optionally) An API to check the package scan status of a product and all its packages

The optimal solution would actually be DejaCode triggering the CI pipeline on completion, but unfortunately that would be very specific to the particular CI solution used (e.g. GitLab CI, GitHub Actions, Jenkins, ...) and thus almost certainly outside of scope.

Additional notes
n.a.
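An added example of the CI-side polling the request describes, not code from the issue author or from DejaCode: it waits with exponential backoff until the status reaches a terminal state, never overshoots the deadline, and fails the job on an unknown status instead of reading it as success. The status vocabulary follows the issue text, but the exact strings and the endpoint are assumptions; `poll` is any zero-argument callable, e.g. a wrapper around the eventual HTTP GET.

```python
"""Wait in a CI job until a DejaCode import or package scan reaches a
terminal state. Status names follow the issue text; the endpoint, field
names and exact status strings are assumptions, not DejaCode's API."""
import time

# Assumed status strings. "not_scheduled" counts as pending because a
# package scan may not be queued yet right after an import is triggered.
PENDING = {"not_scheduled", "scheduled", "in_progress"}
TERMINAL = {"completed", "failed"}


def wait_for_terminal(poll, timeout=900, initial_delay=5, max_delay=60,
                      sleep=time.sleep, clock=time.monotonic):
    """Call poll() with exponential backoff until it returns a terminal
    status. Returns (status, number_of_polls). Raises TimeoutError when
    the deadline passes and RuntimeError on a status outside the known
    vocabulary, so the pipeline fails loudly rather than treating an
    unknown state as success."""
    deadline = clock() + timeout
    delay = initial_delay
    polls = 0
    while True:
        status = poll()
        polls += 1
        if status in TERMINAL:
            return status, polls
        if status not in PENDING:
            raise RuntimeError(f"unknown status {status!r} after {polls} polls")
        remaining = deadline - clock()
        if remaining <= 0:
            raise TimeoutError(f"still {status!r} after {polls} polls")
        sleep(min(delay, remaining))      # never sleep past the deadline
        delay = min(delay * 2, max_delay)


def make_scripted_poller(statuses):
    """Stand-in for the HTTP call, fed with constructed statuses: returns
    them in order and repeats the last one once they are exhausted."""
    calls = [0]

    def poll():
        status = statuses[min(calls[0], len(statuses) - 1)]
        calls[0] += 1
        return status
    return poll


if __name__ == "__main__":
    # Constructed run: scheduled -> in progress -> completed.
    poller = make_scripted_poller(["scheduled", "in_progress", "completed"])
    print(wait_for_terminal(poller, timeout=60, initial_delay=1))
```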

Labels: design needed (Design details needed to complete the issue), enhancement (New feature or request)