Skip to content

Commit 5643a89

Browse files
committed
Use a symbolic link for PIPELINES-AVID.rst to fix CI docs
Update Pipeline AVID Mapping Fix typos in the documentation Signed-off-by: ziad hany <ziadhany2016@gmail.com>
1 parent b67f932 commit 5643a89

4 files changed

Lines changed: 126 additions & 137 deletions

File tree

PIPELINES-AVID.rst

Lines changed: 120 additions & 53 deletions
Original file line numberDiff line numberDiff line change
@@ -1,76 +1,143 @@
1-
.. list-table:: Pipeline Advisory UID Mapping
1+
.. _pipeline_avid_mapping:
2+
3+
Pipelines AVID Mapping
4+
=========================
5+
6+
- An ``advisory`` represents data obtained from an upstream source and
7+
transformed into structured data that describes a known vulnerability.
8+
9+
Each advisory has an upstream Advisory ID (for example,
10+
``CVE-2026-23918`` or ``GHSA-6xcx-gx7r-rccj``) that uniquely identifies it
11+
within its datasource.
12+
13+
- An ``AVID`` is the unique identifier for the datasource used for this
14+
advisory (for example, ``nvd`` or ``github_osv``).
15+
16+
A pipeline AVID is constructed by combining the pipeline identifier with the
17+
upstream Advisory ID ``datasource_id/advisory_id``. For example:
18+
19+
.. code-block:: text
20+
21+
github_osv/GHSA-6xcx-gx7r-rccj
22+
nvd/CVE-2026-23918
23+
24+
The following table describes how each pipeline constructs its AVID.
25+
26+
.. list-table:: Pipeline AVID Mapping
227
:header-rows: 1
3-
:widths: 35 65
28+
:widths: 30 30 40
429

530
* - pipeline name
6-
- Advisory UID
7-
- datasource name
8-
* - alpine_linux_importer_v2
9-
- {package_name}/{distroversion}/{version}/{vulnerability_id}
10-
- alpine_linux
11-
* - aosp_dataset_fix_commits
12-
- CVE ID of the record
13-
* - apache_httpd_importer_v2
14-
- CVE ID of the record
15-
* - apache_kafka_importer_v2
16-
- CVE ID of the record
17-
* - apache_tomcat_importer_v2
18-
- {page_id}/{cve_id}
31+
- datasource_id
32+
- advisory_id
1933
* - archlinux_importer_v2
34+
- archlinux
2035
- AVG ID of the record
21-
* - curl_importer_v2
22-
- CURL-CVE ID of the record
23-
* - debian_importer_v2
24-
- {package_name}/{debian_record_id}
36+
* - apache_kafka_importer_v2
37+
- apache_kafka
38+
- CVE ID of the record
39+
* - nvd_importer_v2
40+
- nvd
41+
- CVE ID of the record
2542
* - elixir_security_importer_v2
43+
- elixir_security
2644
- {package_name}/{file_id}
27-
* - epss_importer_v2
45+
* - npm_importer_v2
46+
- npm
47+
- NPM-<ID>
48+
* - vulnrichment_importer_v2
49+
- vulnrichment
2850
- CVE ID of the record
29-
* - fireeye_importer_v2
30-
- {file_id}
31-
* - gentoo_importer_v2
32-
- GLSA ID of the record
33-
* - github_osv_importer_v2
34-
- ID of the OSV record
51+
* - apache_httpd_importer_v2
52+
- apache_httpd
53+
- CVE ID of the record
54+
* - pypa_importer_v2
55+
- pypa
56+
- {package_name}/{ID of the OSV record}
3557
* - gitlab_importer_v2
58+
- gitlab
3659
- Identifier of the GitLab community advisory record
60+
* - pysec_importer_v2
61+
- pysec
62+
- ID of the OSV record
63+
* - xen_importer_v2
64+
- xen
65+
- XSA-<ID>
66+
* - curl_importer_v2
67+
- curl
68+
- CURL-CVE ID of the record
69+
* - oss_fuzz_v2
70+
- oss_fuzz
71+
- ID of the OSV record
3772
* - istio_importer_v2
73+
- istio
3874
- ISTIO-SECURITY-<ID>
39-
* - mattermost_importer_v2
40-
- MMSA-<ID>
41-
* - mozilla_importer_v2
42-
- MFSA-<ID>
43-
* - nginx_importer_v2
44-
- First alias of the record
45-
* - nodejs_security_wg
46-
- NPM-<ID>
47-
* - nvd_importer_v2
48-
- CVE ID of the record
49-
* - openssl_importer_v2
50-
- CVE ID of the record
51-
* - oss_fuzz_importer_v2
52-
- ID of the OSV record
5375
* - postgresql_importer_v2
76+
- postgresql
5477
- CVE ID of the record
55-
* - project-kb-msr-2019_v2
56-
- Vulnerability ID of the record
57-
* - project-kb-statements_v2
58-
- Vulnerability ID of the record
59-
* - pypa_importer_v2
60-
- {package_name}/{ID of the OSV record}
61-
* - pysec_importer_v2
78+
* - mozilla_importer_v2
79+
- mozilla
80+
- MFSA-<ID>
81+
* - github_osv_importer_v2
82+
- github_osv
6283
- ID of the OSV record
6384
* - redhat_importer_v2
85+
- redhat
6486
- RHSA ID of the record
65-
* - retiredotnet_importer_v2
66-
- retiredotnet-{file_id}
87+
* - aosp_importer_v2
88+
- aosp_dataset
89+
- CVE ID of the record
90+
* - project_kb_statements_importer_v2
91+
- project-kb-statements_v2
92+
- CVE ID of the record
93+
* - project_kb_msr2019_importer_v2
94+
- project_kb_msr2019
95+
- CVE ID of the record
6796
* - ruby_importer_v2
97+
- ruby_advisory_db
6898
- {file_id}
69-
* - suse_importer_v2
99+
* - epss_importer_v2
100+
- epss
101+
- CVE ID of the record
102+
* - gentoo_importer_v2
103+
- gentoo
104+
- GLSA ID of the record
105+
* - nginx_importer_v2
106+
- nginx
107+
- First alias of the record
108+
* - debian_importer_v2
109+
- debian
110+
- {package_name}/{debian_record_id}
111+
* - mattermost_importer_v2
112+
- mattermost
113+
- MMSA-<ID>
114+
* - glibc_importer_v2
115+
- glibc
116+
- GLIBC-SA-<ID>
117+
* - apache_tomcat_importer_v2
118+
- apache_tomcat
119+
- {page_id}/{cve_id}
120+
* - suse_score_importer_v2
121+
- suse_score
70122
- CVE ID of the record
123+
* - retiredotnet_importer_v2
124+
- retiredotnet
125+
- retiredotnet-{file_id}
71126
* - ubuntu_osv_importer_v2
127+
- ubuntu_osv
72128
- ID of the OSV record
73-
* - vulnrichment_importer_v2
129+
* - alpine_linux_importer_v2
130+
- alpine
131+
- {package_name}/{distroversion}/{version}/{vulnerability_id}
132+
* - linux_kernel_importer_v2
133+
- linux_kernel
74134
- CVE ID of the record
75-
* - xen_importer_v2
76-
- XSA-<ID>
135+
* - openssl_importer_v2
136+
- openssl
137+
- CVE ID of the record
138+
* - fireeye_importer_v2
139+
- fireeye
140+
- {file_id}
141+
* - collect_{repo_name}_fix_commits
142+
- {repo_name}_fix_commits
143+
- CVE ID / GHSA ID of the record

docs/source/PIPELINES-AVID.rst

Lines changed: 0 additions & 79 deletions
This file was deleted.

docs/source/PIPELINES-AVID.rst

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
../../PIPELINES-AVID.rst

docs/source/index.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ VulnerableCode Documentation
4747
*VulnerableCode* provides a Web UI and API to access a database of known software package
4848
vulnerabilities with comprehensive information from upstream and downstream public
4949
sources including packages affected by a vulnerability advisories and packages that fix a
50-
vulnerability.
50+
vulnerability advisory.
5151

5252
There is a `public vulnerableCode database <https://public.vulnerablecode.io/>`_
5353
and the project also provides the tools to build your own instance of the database.
@@ -98,7 +98,7 @@ Reference documentation for VulnerableCode features and customizations.
9898
- :ref:`reference_model_overview`
9999
- :ref:`command_line_interface`
100100
- :ref:`importers_link`
101-
- :ref:`pipelines_avid`
101+
- :ref:`pipeline_avid_mapping`
102102

103103
.. rst-class:: column column2 bottom-right
104104

docs/source/introduction.rst

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -39,9 +39,9 @@ Why VulnerableCode?
3939
-------------------
4040

4141
VulnerableCode provides open correlated data and will support curated
42-
data. Our approach is to prioritize upstream data sources and to merge multiple
43-
vulnerability data sources after comparison and correlation. The vulnerability
44-
data is keyed by Package URL ensuring quick and accurate lookup with minimal
42+
data. Our approach is to prioritize upstream data sources and to group multiple
43+
vulnerability advisory data sources after comparison and correlation. The vulnerability
44+
advisory data is keyed by Package URL ensuring quick and accurate lookup with minimal
4545
friction. We continuously validate and refine the collected data for
4646
quality, accuracy and consistency using "improver" jobs.
4747
An example is an improver that can validate that a package version reported as

0 commit comments

Comments
 (0)