|
1 | | -.. list-table:: Pipeline Advisory UID Mapping |
| 1 | +.. _pipeline_avid_mapping: |
| 2 | + |
| 3 | +Pipelines AVID Mapping |
| 4 | +========================= |
| 5 | + |
| 6 | +- An ``advisory`` represents data obtained from an upstream source and |
| 7 | + transformed into structured data that describes a known vulnerability. |
| 8 | + |
| 9 | + Each advisory has an upstream Advisory ID (for example, |
| 10 | + ``CVE-2026-23918`` or ``GHSA-6xcx-gx7r-rccj``) that uniquely identifies it |
| 11 | + within its datasource. |
| 12 | + |
| 13 | +- An ``AVID`` is the unique identifier for the datasource used for this |
| 14 | + advisory (for example, ``nvd`` or ``github_osv``). |
| 15 | + |
| 16 | + A pipeline AVID is constructed by combining the pipeline identifier with the |
| 17 | + upstream Advisory ID ``datasource_id/advisory_id``. For example: |
| 18 | + |
| 19 | +.. code-block:: text |
| 20 | +
|
| 21 | + github_osv/GHSA-6xcx-gx7r-rccj |
| 22 | + nvd/CVE-2026-23918 |
| 23 | +
|
| 24 | +The following table describes how each pipeline constructs its AVID. |
| 25 | + |
| 26 | +.. list-table:: Pipeline AVID Mapping |
2 | 27 | :header-rows: 1 |
3 | | - :widths: 35 65 |
| 28 | + :widths: 30 30 40 |
4 | 29 |
|
5 | 30 | * - pipeline name |
6 | | - - Advisory UID |
7 | | - - datasource name |
8 | | - * - alpine_linux_importer_v2 |
9 | | - - {package_name}/{distroversion}/{version}/{vulnerability_id} |
10 | | - - alpine_linux |
11 | | - * - aosp_dataset_fix_commits |
12 | | - - CVE ID of the record |
13 | | - * - apache_httpd_importer_v2 |
14 | | - - CVE ID of the record |
15 | | - * - apache_kafka_importer_v2 |
16 | | - - CVE ID of the record |
17 | | - * - apache_tomcat_importer_v2 |
18 | | - - {page_id}/{cve_id} |
| 31 | + - datasource_id |
| 32 | + - advisory_id |
19 | 33 | * - archlinux_importer_v2 |
| 34 | + - archlinux |
20 | 35 | - AVG ID of the record |
21 | | - * - curl_importer_v2 |
22 | | - - CURL-CVE ID of the record |
23 | | - * - debian_importer_v2 |
24 | | - - {package_name}/{debian_record_id} |
| 36 | + * - apache_kafka_importer_v2 |
| 37 | + - apache_kafka |
| 38 | + - CVE ID of the record |
| 39 | + * - nvd_importer_v2 |
| 40 | + - nvd |
| 41 | + - CVE ID of the record |
25 | 42 | * - elixir_security_importer_v2 |
| 43 | + - elixir_security |
26 | 44 | - {package_name}/{file_id} |
27 | | - * - epss_importer_v2 |
| 45 | + * - npm_importer_v2 |
| 46 | + - npm |
| 47 | + - NPM-<ID> |
| 48 | + * - vulnrichment_importer_v2 |
| 49 | + - vulnrichment |
28 | 50 | - CVE ID of the record |
29 | | - * - fireeye_importer_v2 |
30 | | - - {file_id} |
31 | | - * - gentoo_importer_v2 |
32 | | - - GLSA ID of the record |
33 | | - * - github_osv_importer_v2 |
34 | | - - ID of the OSV record |
| 51 | + * - apache_httpd_importer_v2 |
| 52 | + - apache_httpd |
| 53 | + - CVE ID of the record |
| 54 | + * - pypa_importer_v2 |
| 55 | + - pypa |
| 56 | + - {package_name}/{ID of the OSV record} |
35 | 57 | * - gitlab_importer_v2 |
| 58 | + - gitlab |
36 | 59 | - Identifier of the GitLab community advisory record |
| 60 | + * - pysec_importer_v2 |
| 61 | + - pysec |
| 62 | + - ID of the OSV record |
| 63 | + * - xen_importer_v2 |
| 64 | + - xen |
| 65 | + - XSA-<ID> |
| 66 | + * - curl_importer_v2 |
| 67 | + - curl |
| 68 | + - CURL-CVE ID of the record |
| 69 | + * - oss_fuzz_v2 |
| 70 | + - oss_fuzz |
| 71 | + - ID of the OSV record |
37 | 72 | * - istio_importer_v2 |
| 73 | + - istio |
38 | 74 | - ISTIO-SECURITY-<ID> |
39 | | - * - mattermost_importer_v2 |
40 | | - - MMSA-<ID> |
41 | | - * - mozilla_importer_v2 |
42 | | - - MFSA-<ID> |
43 | | - * - nginx_importer_v2 |
44 | | - - First alias of the record |
45 | | - * - nodejs_security_wg |
46 | | - - NPM-<ID> |
47 | | - * - nvd_importer_v2 |
48 | | - - CVE ID of the record |
49 | | - * - openssl_importer_v2 |
50 | | - - CVE ID of the record |
51 | | - * - oss_fuzz_importer_v2 |
52 | | - - ID of the OSV record |
53 | 75 | * - postgresql_importer_v2 |
| 76 | + - postgresql |
54 | 77 | - CVE ID of the record |
55 | | - * - project-kb-msr-2019_v2 |
56 | | - - Vulnerability ID of the record |
57 | | - * - project-kb-statements_v2 |
58 | | - - Vulnerability ID of the record |
59 | | - * - pypa_importer_v2 |
60 | | - - {package_name}/{ID of the OSV record} |
61 | | - * - pysec_importer_v2 |
| 78 | + * - mozilla_importer_v2 |
| 79 | + - mozilla |
| 80 | + - MFSA-<ID> |
| 81 | + * - github_osv_importer_v2 |
| 82 | + - github_osv |
62 | 83 | - ID of the OSV record |
63 | 84 | * - redhat_importer_v2 |
| 85 | + - redhat |
64 | 86 | - RHSA ID of the record |
65 | | - * - retiredotnet_importer_v2 |
66 | | - - retiredotnet-{file_id} |
| 87 | + * - aosp_importer_v2 |
| 88 | + - aosp_dataset |
| 89 | + - CVE ID of the record |
| 90 | + * - project_kb_statements_importer_v2 |
| 91 | + - project-kb-statements_v2 |
| 92 | + - CVE ID of the record |
| 93 | + * - project_kb_msr2019_importer_v2 |
| 94 | + - project_kb_msr2019 |
| 95 | + - CVE ID of the record |
67 | 96 | * - ruby_importer_v2 |
| 97 | + - ruby_advisory_db |
68 | 98 | - {file_id} |
69 | | - * - suse_importer_v2 |
| 99 | + * - epss_importer_v2 |
| 100 | + - epss |
| 101 | + - CVE ID of the record |
| 102 | + * - gentoo_importer_v2 |
| 103 | + - gentoo |
| 104 | + - GLSA ID of the record |
| 105 | + * - nginx_importer_v2 |
| 106 | + - nginx |
| 107 | + - First alias of the record |
| 108 | + * - debian_importer_v2 |
| 109 | + - debian |
| 110 | + - {package_name}/{debian_record_id} |
| 111 | + * - mattermost_importer_v2 |
| 112 | + - mattermost |
| 113 | + - MMSA-<ID> |
| 114 | + * - glibc_importer_v2 |
| 115 | + - glibc |
| 116 | + - GLIBC-SA-<ID> |
| 117 | + * - apache_tomcat_importer_v2 |
| 118 | + - apache_tomcat |
| 119 | + - {page_id}/{cve_id} |
| 120 | + * - suse_score_importer_v2 |
| 121 | + - suse_score |
70 | 122 | - CVE ID of the record |
| 123 | + * - retiredotnet_importer_v2 |
| 124 | + - retiredotnet |
| 125 | + - retiredotnet-{file_id} |
71 | 126 | * - ubuntu_osv_importer_v2 |
| 127 | + - ubuntu_osv |
72 | 128 | - ID of the OSV record |
73 | | - * - vulnrichment_importer_v2 |
| 129 | + * - alpine_linux_importer_v2 |
| 130 | + - alpine |
| 131 | + - {package_name}/{distroversion}/{version}/{vulnerability_id} |
| 132 | + * - linux_kernel_importer_v2 |
| 133 | + - linux_kernel |
74 | 134 | - CVE ID of the record |
75 | | - * - xen_importer_v2 |
76 | | - - XSA-<ID> |
| 135 | + * - openssl_importer_v2 |
| 136 | + - openssl |
| 137 | + - CVE ID of the record |
| 138 | + * - fireeye_importer_v2 |
| 139 | + - fireeye |
| 140 | + - {file_id} |
| 141 | + * - collect_{repo_name}_fix_commits |
| 142 | + - {repo_name}_fix_commits |
| 143 | + - CVE ID / GHSA ID of the record |
0 commit comments