Add V2_importer to collect advisories from EUVD

[Samk1710]

• Fixes: Collect EUVD data #1873

Data Source

• API: https://euvdservices.enisa.europa.eu/api/search
• Format: JSON with pagination

Dependent on :

• Add EUVD mirror pipeline aboutcode-mirror-euvd#1

Logs:

INFO 2025-11-25 23:53:04.724015 UTC Progress: 100% (452459/452459)
INFO 2025-11-25 23:53:04.735236 UTC Successfully collected 452,441 advisories
INFO 2025-11-25 23:53:04.735444 UTC Step [collect_and_store_advisories] completed in 23064 seconds (6.4 hours)

[ziadhany]

@Samk1710 Great start! Just a few small tweaks

[Samk1710]

@Samk1710 Great start! Just a few small tweaks

Thanks a lot @ziadhany for the review. Will make the changes as suggested.

[Samk1710]

Hey @ziadhany ,

I’ve pushed the requested updates. Summary of changes:

• Replaced broad exception handling with specific parsing-related exceptions.
• Updated the test to use util_tests.check_results_against_json along with expected JSON fixtures.
• Removed unbounded loops by using the API’s total count field to determine total number of pages.
• Simplified retry handling(Retains a fixed 3-second delay between retries to prevent rapid page skipping in case of network interruptions).

Let me know if you’d like any additional modifications. Thanks again for the feedback and guidance!

[Samk1710]

I have updated the License Expression and added sample test data from the EUVD API as suggested in today's call.

[Samk1710]

Hey @pombredanne @ziadhany
Since caching is not a feasible option, we could use the "total" field returned by the API to populate the total advisories count in advisories_count function.

"total": 452844

This would mean the importer would take 5-6 hours and fetch data(only once) in collect_advisories.

[ziadhany]

@Samk1710 Yes, we can use the total field. Since we know the total number of advisories, we can iterate over the endpoint using either the date or the advisory count, if that’s available.

the time isn’t a big issue to get all the available data in under a couple of hours.

[Samk1710]

@Samk1710 Yes, we can use the total field. Since we know the total number of advisories, we can iterate over the endpoint using either the date or the advisory count, if that’s available.

the time isn’t a big issue to get all the available data in under a couple of hours.

yes the date field is available in the API response and if time(5-6 hours) ain't a issue, this would be the simplest approach to avoid double fetching and caching will not be required. Shall I move forward with this approach?

[keshav-space]

@Samk1710 here is the repo for the EUVD mirror https://github.com/aboutcode-org/aboutcode-mirror-euvd. For data collection script take a look at the pipeline here https://github.com/aboutcode-org/aboutcode-mirror-nuget-catalog/blob/main/sync_catalog.py. We want to do something similar for EUVD the script will be used in a workflow that will be almost identical to what we have here https://github.com/aboutcode-org/aboutcode-mirror-nuget-catalog/blob/main/.github/workflows/sync.yml

[Samk1710]

@Samk1710 here is the repo for the EUVD mirror https://github.com/aboutcode-org/aboutcode-mirror-euvd. For data collection script take a look at the pipeline here https://github.com/aboutcode-org/aboutcode-mirror-nuget-catalog/blob/main/sync_catalog.py. We want to do something similar for EUVD the script will be used in a workflow that will be almost identical to what we have here https://github.com/aboutcode-org/aboutcode-mirror-nuget-catalog/blob/main/.github/workflows/sync.yml

thanks a lot @keshav-space. will look into it

[Samk1710]

Hey, I have added a pipeline to mirror the EUVD advisories

aboutcode-org/aboutcode-mirror-euvd#1

Would look forward to a review so that I can continue this importer. Thanks a lot!

[Samk1710]

The product field is a little messy. We might need to drop some(less than 1 %).

For eg:

• https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-12722
• https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-16938
• https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-39960
• https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-8416