Skip to content

feat: add evict-stale-nvd-cache BEFORE_DOWNLOAD worker#67

Open
RemiBou wants to merge 1 commit into
mainfrom
claude/upbeat-easley-cf1520
Open

feat: add evict-stale-nvd-cache BEFORE_DOWNLOAD worker#67
RemiBou wants to merge 1 commit into
mainfrom
claude/upbeat-easley-cf1520

Conversation

@RemiBou

@RemiBou RemiBou commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Adds a new evict-stale-nvd-cache worker under samples/artifactory/BEFORE_DOWNLOAD/
  • On every BEFORE_DOWNLOAD event for remote repos, the worker fetches the NVD modified feed meta timestamp and compares it against the cached artifact's lastUpdated time in Artifactory
  • If the NVD feed is newer, the cached entry is deleted so Artifactory re-fetches fresh data; otherwise the download proceeds untouched
  • On any error the worker returns DOWNLOAD_WARN so downloads are never blocked

Test plan

  • npm test passes (5 specs: no cache, evict, keep fresh, NVD fetch failure, non-remote/folder skip)
  • Deploy to a staging environment targeting an NVD remote repo
  • Confirm eviction occurs after an NVD feed update
  • Confirm DOWNLOAD_WARN is returned when the NVD endpoint is unreachable

🤖 Generated with Claude Code

Introduces a worker that evicts stale Artifactory remote-cache entries
by comparing the NVD modified feed timestamp against the cached artifact's
lastUpdated time, ensuring clients always fetch fresh vulnerability data.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant