Skip to content

Review all v2 pipelines#2196

Open
TG1999 wants to merge 6 commits intomainfrom
review_v2_pipelines
Open

Review all v2 pipelines#2196
TG1999 wants to merge 6 commits intomainfrom
review_v2_pipelines

Conversation

@TG1999
Copy link
Contributor

@TG1999 TG1999 commented Mar 3, 2026

No description provided.

TG1999 added 5 commits March 3, 2026 20:27
@TG1999
Review all v2 pipelines
7a89e5b 
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
@TG1999
Make ISTIO run once only
a06cba9 
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
@TG1999
Fix formatting issues
83dca12 
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
@TG1999
Add blog
4b1e80e 
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
@TG1999
Fix tests
ff65b22 
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
keshav-space
keshav-space reviewed Mar 3, 2026
View reviewed changes
vulnerabilities/pipelines/v2_importers/archlinux_importer.py Outdated

severities = [
VulnerabilitySeverity(
system=severity_systems.GENERIC,
Copy link
Member

@keshav-space keshav-space Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TG1999 maybe we should add support for Arch Linux severity scoring system?https://wiki.archlinux.org/title/Bug_reporting_guidelines#Severity

keshav-space
keshav-space reviewed Mar 3, 2026
View reviewed changes
PIPELINES-AVID.rst Outdated
Comment on lines +1 to +71
+-------------------------------+--------------------------------------------------------------+
| pipeline name | AVID |
+===============================+==============================================================+
| alpine_linux_importer_v2 | {package_name}/{distroversion}/{version}/{vulnerability_id} |
+-------------------------------+--------------------------------------------------------------+
| aosp_dataset_fix_commits | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| apache_httpd_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| apache_kafka_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| apache_tomcat_importer_v2 | {page_id}/{cve_id} |
+-------------------------------+--------------------------------------------------------------+
| archlinux_importer_v2 | AVG ID of the record |
+-------------------------------+--------------------------------------------------------------+
| curl_importer_v2 | CURL-CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| debian_importer_v2 | {package_name}/{debian_record_id} |
+-------------------------------+--------------------------------------------------------------+
| elixir_security_importer_v2 | {package_name}/{file_id} |
+-------------------------------+--------------------------------------------------------------+
| epss_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| fireeye_importer_v2 | {file_id} |
+-------------------------------+--------------------------------------------------------------+
| gentoo_importer_v2 | GLSA ID of the record |
+-------------------------------+--------------------------------------------------------------+
| github_osv_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| gitlab_importer_v2 | Identifier of the GitLab community advisory record |
+-------------------------------+--------------------------------------------------------------+
| istio_importer_v2 | ISTIO-SECURITY-<ID> |
+-------------------------------+--------------------------------------------------------------+
| mattermost_importer_v2 | MMSA-<ID> |
+-------------------------------+--------------------------------------------------------------+
| mozilla_importer_v2 | MFSA-<ID> |
+-------------------------------+--------------------------------------------------------------+
| nginx_importer_v2 | First alias of the record |
+-------------------------------+--------------------------------------------------------------+
| nodejs_security_wg | NPM-<ID> |
+-------------------------------+--------------------------------------------------------------+
| nvd_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| openssl_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| oss_fuzz_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| postgresql_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| project-kb-msr-2019_v2 | Vulnerability ID of the record |
+-------------------------------+--------------------------------------------------------------+
| project-kb-statements_v2 | Vulnerability ID of the record |
+-------------------------------+--------------------------------------------------------------+
| pypa_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| pysec_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| redhat_importer_v2 | RHSA ID of the record |
+-------------------------------+--------------------------------------------------------------+
| retiredotnet_importer_v2 | retiredotnet-{file_id} |
+-------------------------------+--------------------------------------------------------------+
| ruby_importer_v2 | {file_id} |
+-------------------------------+--------------------------------------------------------------+
| suse_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| ubuntu_osv_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| vulnrichment_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| xen_importer_v2 | XSA-<ID> |
+-------------------------------+--------------------------------------------------------------+ No newline at end of file
Copy link
Member

@keshav-space keshav-space Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rst is not getting rendered properly we need extra space towards the end of every row.

Suggested change
+-------------------------------+--------------------------------------------------------------+
| pipeline name | AVID |
+===============================+==============================================================+
| alpine_linux_importer_v2 | {package_name}/{distroversion}/{version}/{vulnerability_id} |
+-------------------------------+--------------------------------------------------------------+
| aosp_dataset_fix_commits | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| apache_httpd_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| apache_kafka_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| apache_tomcat_importer_v2 | {page_id}/{cve_id} |
+-------------------------------+--------------------------------------------------------------+
| archlinux_importer_v2 | AVG ID of the record |
+-------------------------------+--------------------------------------------------------------+
| curl_importer_v2 | CURL-CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| debian_importer_v2 | {package_name}/{debian_record_id} |
+-------------------------------+--------------------------------------------------------------+
| elixir_security_importer_v2 | {package_name}/{file_id} |
+-------------------------------+--------------------------------------------------------------+
| epss_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| fireeye_importer_v2 | {file_id} |
+-------------------------------+--------------------------------------------------------------+
| gentoo_importer_v2 | GLSA ID of the record |
+-------------------------------+--------------------------------------------------------------+
| github_osv_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| gitlab_importer_v2 | Identifier of the GitLab community advisory record |
+-------------------------------+--------------------------------------------------------------+
| istio_importer_v2 | ISTIO-SECURITY-<ID> |
+-------------------------------+--------------------------------------------------------------+
| mattermost_importer_v2 | MMSA-<ID> |
+-------------------------------+--------------------------------------------------------------+
| mozilla_importer_v2 | MFSA-<ID> |
+-------------------------------+--------------------------------------------------------------+
| nginx_importer_v2 | First alias of the record |
+-------------------------------+--------------------------------------------------------------+
| nodejs_security_wg | NPM-<ID> |
+-------------------------------+--------------------------------------------------------------+
| nvd_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| openssl_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| oss_fuzz_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| postgresql_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| project-kb-msr-2019_v2 | Vulnerability ID of the record |
+-------------------------------+--------------------------------------------------------------+
| project-kb-statements_v2 | Vulnerability ID of the record |
+-------------------------------+--------------------------------------------------------------+
| pypa_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| pysec_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| redhat_importer_v2 | RHSA ID of the record |
+-------------------------------+--------------------------------------------------------------+
| retiredotnet_importer_v2 | retiredotnet-{file_id} |
+-------------------------------+--------------------------------------------------------------+
| ruby_importer_v2 | {file_id} |
+-------------------------------+--------------------------------------------------------------+
| suse_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| ubuntu_osv_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| vulnrichment_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| xen_importer_v2 | XSA-<ID> |
+-------------------------------+--------------------------------------------------------------+
+-------------------------------+--------------------------------------------------------------+
| pipeline name | AVID |
+===============================+==============================================================+
| alpine_linux_importer_v2 | {package_name}/{distroversion}/{version}/{vulnerability_id} |
+-------------------------------+--------------------------------------------------------------+
| aosp_dataset_fix_commits | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| apache_httpd_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| apache_kafka_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| apache_tomcat_importer_v2 | {page_id}/{cve_id} |
+-------------------------------+--------------------------------------------------------------+
| archlinux_importer_v2 | AVG ID of the record |
+-------------------------------+--------------------------------------------------------------+
| curl_importer_v2 | CURL-CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| debian_importer_v2 | {package_name}/{debian_record_id} |
+-------------------------------+--------------------------------------------------------------+
| elixir_security_importer_v2 | {package_name}/{file_id} |
+-------------------------------+--------------------------------------------------------------+
| epss_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| fireeye_importer_v2 | {file_id} |
+-------------------------------+--------------------------------------------------------------+
| gentoo_importer_v2 | GLSA ID of the record |
+-------------------------------+--------------------------------------------------------------+
| github_osv_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| gitlab_importer_v2 | Identifier of the GitLab community advisory record |
+-------------------------------+--------------------------------------------------------------+
| istio_importer_v2 | ISTIO-SECURITY-<ID> |
+-------------------------------+--------------------------------------------------------------+
| mattermost_importer_v2 | MMSA-<ID> |
+-------------------------------+--------------------------------------------------------------+
| mozilla_importer_v2 | MFSA-<ID> |
+-------------------------------+--------------------------------------------------------------+
| nginx_importer_v2 | First alias of the record |
+-------------------------------+--------------------------------------------------------------+
| nodejs_security_wg | NPM-<ID> |
+-------------------------------+--------------------------------------------------------------+
| nvd_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| openssl_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| oss_fuzz_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| postgresql_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| project-kb-msr-2019_v2 | Vulnerability ID of the record |
+-------------------------------+--------------------------------------------------------------+
| project-kb-statements_v2 | Vulnerability ID of the record |
+-------------------------------+--------------------------------------------------------------+
| pypa_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| pysec_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| redhat_importer_v2 | RHSA ID of the record |
+-------------------------------+--------------------------------------------------------------+
| retiredotnet_importer_v2 | retiredotnet-{file_id} |
+-------------------------------+--------------------------------------------------------------+
| ruby_importer_v2 | {file_id} |
+-------------------------------+--------------------------------------------------------------+
| suse_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| ubuntu_osv_importer_v2 | ID of the OSV record |
+-------------------------------+--------------------------------------------------------------+
| vulnrichment_importer_v2 | CVE ID of the record |
+-------------------------------+--------------------------------------------------------------+
| xen_importer_v2 | XSA-<ID> |
+-------------------------------+--------------------------------------------------------------+

@TG1999
Address review comments
fa1af1e 
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
@TG1999 TG1999 force-pushed the review_v2_pipelines branch from 3c8e8f1 to fa1af1e Compare March 3, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@keshav-space keshav-space keshav-space left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TG1999 @keshav-space