caching valid license list

Author: timbastin

cmd/devguard/api/api.go

@@ -676,13 +676,13 @@ func BuildRouter(db core.DB) *echo.Echo {
 	firstPartyVulnRouter.POST("/:firstPartyVulnID/mitigate/", firstPartyVulnController.Mitigate, neededScope([]string{"manage"}), projectScopedRBAC(core.ObjectAsset, core.ActionUpdate))
 	firstPartyVulnRouter.GET("/:firstPartyVulnID/events/", vulnEventController.ReadAssetEventsByVulnID)
 
-	assetVersionRouter.POST("/license-risk/", licenseRiskController.Create)
+	assetVersionRouter.POST("/license-risks/", licenseRiskController.Create)
 	licenseRiskRouter := assetVersionRouter.Group("/license-risks")
 	licenseRiskRouter.GET("/", licenseRiskController.ListPaged)
 	licenseRiskRouter.GET("/:licenseRiskID/", licenseRiskController.Read)
 	licenseRiskRouter.POST("/:licenseRiskID/", licenseRiskController.CreateEvent, neededScope([]string{"manage"}), projectScopedRBAC(core.ObjectAsset, core.ActionUpdate))
 	licenseRiskRouter.POST("/:licenseRiskID/mitigate", licenseRiskController.Mitigate, neededScope([]string{"manage"}), projectScopedRBAC(core.ObjectAsset, core.ActionUpdate))
-	licenseRiskRouter.POST("/:licenseRiskID/finalLicenseDecision", licenseRiskController.MakeFinalLicenseDecision, neededScope([]string{"manage"}), projectScopedRBAC(core.ObjectAsset, core.ActionUpdate))
+	licenseRiskRouter.POST("/:licenseRiskID/final-license-decision", licenseRiskController.MakeFinalLicenseDecision, neededScope([]string{"manage"}), projectScopedRBAC(core.ObjectAsset, core.ActionUpdate))
 
 	routes := server.Routes()
 	sort.Slice(routes, func(i, j int) bool {

internal/core/compliance/attestation-compliance-policies

@@ -168,7 +168,7 @@ func (s *service) GetAndSaveLicenseInformation(assetVersion models.AssetVersion,
 		}
 	}
 
-	//why are we only getting new licenses and not updating existing ones?
+	//why are we only getting new licenses and not updating existing ones? - licenses shouldn't change after once they are set
 	slog.Info("getting license information for components", "amount", len(componentsWithoutLicense))
 	errGroup := utils.ErrGroup[models.Component](10)
 	for _, component := range componentsWithoutLicense {

internal/core/component/component_service.go

@@ -19,9 +19,9 @@ type LicenseRiskService struct {
 	vulnEventRepository   core.VulnEventRepository
 }
 
-func NewLicenseRiskService(licenseRiskReposiory core.LicenseRiskRepository, vulnEventRepository core.VulnEventRepository) *LicenseRiskService {
+func NewLicenseRiskService(licenseRiskRepository core.LicenseRiskRepository, vulnEventRepository core.VulnEventRepository) *LicenseRiskService {
 	return &LicenseRiskService{
-		licenseRiskRepository: licenseRiskReposiory,
+		licenseRiskRepository: licenseRiskRepository,
 		vulnEventRepository:   vulnEventRepository,
 	}
 }
@@ -86,8 +86,13 @@ func (service *LicenseRiskService) FindLicenseRisksInComponents(assetVersion mod
 	return nil
 }
 
+var validOSILicenses []string = make([]string, 0)
+
 func GetOSILicenses() ([]string, error) {
-	var validOSILicenses []string
+	if len(validOSILicenses) > 0 {
+		return validOSILicenses, nil
+	}
+
 	apiURL := os.Getenv("OSI_LICENSES_API")
 	if apiURL == "" {
 		return nil, fmt.Errorf("could not get the URL of the OSI API, check the OSI_LICENSES_API variable in your .env file")