RFC / Feature: Event-Driven Threat Alerting (Webhooks) & API v3 Security Gateway #2235

@NamanmeetSingh

Description

With the recent and excellent architectural overhaul of API v3 (specifically PR #2206 by @TG1999), the data delivery and pagination mechanisms are vastly improved. However, downstream consumers (SCA tools, enterprise users) still rely on a polling-based model to detect new advisories, which creates unnecessary database strain and delays remediation.

As part of my GSoC 2026 proposal, I am proposing an Event-Driven Threat Alerting Engine & API Security Gateway.

The architecture would introduce two core pillars:

  1. API v3 Security Gateway: Integrating djangorestframework-api-key and custom DRF BaseThrottle classes to protect the new API v3 endpoints from bot-scraping and DDoS abuse.
  2. Real-Time Webhook Engine: Allowing users to subscribe to specific Package URLs (PURLs). When an Importer maps a new advisory to a subscribed PURL, a Celery-backed asynchronous worker dispatches a cryptographically signed (HMAC-SHA256) HTTP POST payload to the user's endpoint.

Why this matters

This transitions VulnerableCode from a passive database to an active threat-intel feed, drastically reducing polling load on the server while leveraging the existing Celery/Redis async topology.

I have drafted a full technical architecture and timeline for this epic. Before finalizing my GSoC submission, I would love to get your thoughts on this direction, specifically regarding the DRF API Key integration!

cc: @TG1999 @ziadhany @pombredanne
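
The signed delivery described in pillar 2, as an added example that is not part of the original issue or of VulnerableCode's code: the sender computes HMAC-SHA256 over the raw body, and the subscriber's endpoint verifies it before trusting the advisory. The timestamp-prefixed message format, the 300-second tolerance, the function names and the payload fields are assumptions; the proposal does not define them.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # assumed replay window, not specified in the proposal


def sign_webhook(secret: bytes, body: bytes, timestamp: int) -> str:
    """Sender side: HMAC-SHA256 over b"<timestamp>.<raw body>", hex encoded."""
    signed = str(timestamp).encode() + b"." + body
    return hmac.new(secret, signed, hashlib.sha256).hexdigest()


def verify_webhook(secret, body, timestamp, signature, now=None) -> bool:
    """Receiver side: reject stale deliveries, then compare MACs in constant time."""
    now = time.time() if now is None else now
    if not isinstance(signature, str):
        return False
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False  # outside the window: treat as a replayed delivery
    expected = sign_webhook(secret, body, ts)
    # compare_digest does not reveal how many leading characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


# Constructed sample data: demo secret and a made-up advisory notification.
SECRET = b"constructed-demo-secret"
BODY = json.dumps(
    {"purl": "pkg:pypi/django@4.2", "advisory_id": "EXAMPLE-0001"},
    separators=(",", ":"),
).encode()


def demo() -> dict:
    ts = 1_700_000_000
    sig = sign_webhook(SECRET, BODY, ts)
    tampered = BODY.replace(b"4.2", b"4.1")
    return {
        "valid": verify_webhook(SECRET, BODY, str(ts), sig, now=ts + 10),
        "tampered_body": verify_webhook(SECRET, tampered, str(ts), sig, now=ts + 10),
        "replayed_late": verify_webhook(SECRET, BODY, str(ts), sig, now=ts + 3600),
        "wrong_secret": verify_webhook(b"other", BODY, str(ts), sig, now=ts + 10),
    }
```

The receiver must verify against the raw request bytes, before any JSON parsing or re-serialization, or a valid delivery will fail the check.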
