You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The UI is multi-customer. Each customer gets their own package + CVE data at `public/data/<customer>/<lang>/`. The active customer is shown as a pill in the navbar; to enable a full customer switcher, set `CUSTOMER_SWITCHER_ACTIVE = true` in `src/components/Navbar.tsx`.
@@ -110,6 +110,17 @@ Requires: `.env` loaded in your shell, AWS CLI logged in (`aws sso login`), Dock
110
110
111
111
> **Note:** Docker on this machine requires `--network host`. The scan scripts set this automatically.
112
112
113
+
### Rules — read before running anything
114
+
115
+
1.**Always run the fetch script before the scan script.** Never reuse a stale `catalog.json` from a previous session. The scan uses whatever packages are in `catalog.json` at the time it runs — if that file is old, the scan results are wrong.
116
+
117
+
2.**All fetch scripts use S3 redirect_map only.** Package names and versions are parsed directly from tarball/wheel/sdist filenames in the redirect_map keys. No registry API calls are made. Do not add registry calls — they cause rate-limiting (silent HTTP 403/404) that makes packages disappear without any error.
3.**Switching to a different org or customer:** change `LDPOV_ORG_ID` (or the equivalent `*_ORG_ID`) in `.env`, then re-run all three fetch scripts and all three scan scripts. Old data files for a different org must never be committed alongside new ones.
123
+
113
124
### LDPoV Python
114
125
115
126
```bash
@@ -160,9 +171,9 @@ Navigate to `/#/python`, `/#/javascript`, or `/#/java`. The root redirects to `/
160
171
161
172
| File | Language | Purpose |
162
173
|---|---|---|
163
-
|`fetch_ldpov_pypi.py`| Python |Crawl private PyPI index → `ldpov/python/catalog.json`|
0 commit comments