Skip to content

πŸ—ƒοΈ [Feature Request]: Implement Vulnerability Database Service for Vulnera PluginΒ #18

Open
Feature
Open
πŸ—ƒοΈ [Feature Request]: Implement Vulnerability Database Service for Vulnera Plugin#18
Feature
Labels
enhancementNew feature or requestgood first issueGood for newcomerspluginsvulnera
@Einswilli

Description

@Einswilli
Einswilli
opened on Sep 12, 2025

The Vulnera dependency scanner currently lacks a vulnerability database to check dependencies against. We need to implement a vulnerability database service that can be queried with package names and versions to return known vulnerabilities. This service should support multiple backends (local database, external APIs) and provide a consistent interface for vulnerability lookups.

🎯 Goals

  • Provide vulnerability lookup functionality for dependency scanning
  • Support multiple data sources (local DB, external APIs)
  • Offer offline capability with local database fallback
  • Ensure fast query performance for large dependency sets
  • Maintain data freshness with update mechanisms

πŸ”§ Core Interface

# valkyrie/plugins/vulnera/db.py
class VulnerabilityDB(ABC):
    """Abstract base class for vulnerability databases."""
    
    @abstractmethod
    async def query(self, package_name: str, version: str) -> List[VulnerabilityInfo]:
        """Query vulnerabilities for a specific package version."""
        pass
    
    @abstractmethod
    async def query_bulk(self, packages: List[Tuple[str, str]]) -> Dict[str, List[VulnerabilityInfo]]:
        """Query vulnerabilities for multiple packages."""
        pass
    
    @abstractmethod
    async def update(self) -> bool:
        """Update the vulnerability database."""
        pass

πŸ“Š Data Sources to Support

Primary Targets:

  • OSV (Open Source Vulnerabilities) API - Comprehensive open source database
  • NVD (National Vulnerability Database) API - Official CVE database
  • GitHub Advisory Database - GitHub's vulnerability data
  • Local SQLite or Json cache - For offline operation

βœ… Acceptance Criteria

  • VulnerabilityDB interface defined and implemented
  • At least 2 data sources supported (e.g., OSV API + local SQLite)
  • Bulk query support for efficient scanning
  • Caching mechanism to reduce API calls
  • Update functionality to keep data fresh
  • Comprehensive tests covering all functionality
  • Error handling for network issues and data parsing
  • Configuration options for API keys and database paths

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestgood first issueGood for newcomerspluginsvulnera

    Type

    Feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions