fix(wolfi): update vulnerability reference links

The logic that generates the reference link for wolfi advisories was not updated to account for GitHub Security Advisories, resulting in invalid links for those records. Also, the urls generated for CVE ids are also no longer valid as they still pointed to the old mitre website which is no longer updated. Signed-off-by: Weston Steimel <[email protected]>
anchore · Dec 20, 2023 · 29e8fdb · 29e8fdb
1 parent 0a0e32a
commit 29e8fdb
Show file tree

Hide file tree

Showing 252 changed files with 285 additions and 250 deletions.
diff --git a/src/vunnel/providers/wolfi/parser.py b/src/vunnel/providers/wolfi/parser.py
@@ -102,11 +102,16 @@ def _normalize(self, release, data):
                         # create a new record
                         vuln_dict[vid] = copy.deepcopy(vulnerability.vulnerability_element)
                         vuln_record = vuln_dict[vid]
+                        reference_links = vulnerability.build_reference_links(vid)
 
                         # populate the static information about the new vuln record
                         vuln_record["Vulnerability"]["Name"] = str(vid)
                         vuln_record["Vulnerability"]["NamespaceName"] = self.namespace + ":" + str(release)
-                        vuln_record["Vulnerability"]["Link"] = "http://cve.mitre.org/cgi-bin/cvename.cgi?name=" + str(vid)
+
+                        if reference_links:
+                            # TODO: Support multiple links
+                            vuln_record["Vulnerability"]["Link"] = reference_links[0]
+
                         vuln_record["Vulnerability"]["Severity"] = "Unknown"
                     else:
                         vuln_record = vuln_dict[vid]

diff --git a/src/vunnel/utils/vulnerability.py b/src/vunnel/utils/vulnerability.py
@@ -126,3 +126,16 @@ class Vulnerability:
 
     def to_payload(self):
         return {"Vulnerability": asdict(self)}
+
+
+def build_reference_links(vulnerability_id: str) -> list[str] | None:
+    if vulnerability_id.startswith("CVE-"):
+        return [
+            f"https://www.cve.org/CVERecord?id={vulnerability_id}",
+            f"https://nvd.nist.gov/vuln/detail/{vulnerability_id}",
+        ]
+
+    if vulnerability_id.startswith("GHSA-"):
+        return [f"https://github.com/advisories/{vulnerability_id}"]
+
+    return None
diff --git a/tests/quality/vulnerability-match-labels b/tests/quality/vulnerability-match-labels
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2007-2728.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2007-2728.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-2728","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"php","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2728","Description":"","Metadata":{},"Name":"CVE-2007-2728","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-2728","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"php","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2007-2728","Description":"","Metadata":{},"Name":"CVE-2007-2728","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2007-3205.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2007-3205.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-3205","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"php","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3205","Description":"","Metadata":{},"Name":"CVE-2007-3205","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-3205","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"php","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2007-3205","Description":"","Metadata":{},"Name":"CVE-2007-3205","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2007-4559.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2007-4559.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-4559","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"python-3.10","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"},{"Name":"python-3.11","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"},{"Name":"python-3.12","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4559","Description":"","Metadata":{},"Name":"CVE-2007-4559","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-4559","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"python-3.10","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"},{"Name":"python-3.11","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"},{"Name":"python-3.12","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2007-4559","Description":"","Metadata":{},"Name":"CVE-2007-4559","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2007-4596.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2007-4596.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-4596","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"php","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4596","Description":"","Metadata":{},"Name":"CVE-2007-4596","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-4596","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"php","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2007-4596","Description":"","Metadata":{},"Name":"CVE-2007-4596","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2010-4756.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2010-4756.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2010-4756","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"glibc","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756","Description":"","Metadata":{},"Name":"CVE-2010-4756","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2010-4756","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"glibc","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2010-4756","Description":"","Metadata":{},"Name":"CVE-2010-4756","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-2102.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-2102.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-2102","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"haproxy","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2102","Description":"","Metadata":{},"Name":"CVE-2016-2102","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-2102","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"haproxy","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2016-2102","Description":"","Metadata":{},"Name":"CVE-2016-2102","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-2781.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-2781.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-2781","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"coreutils","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781","Description":"","Metadata":{},"Name":"CVE-2016-2781","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-2781","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"coreutils","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2016-2781","Description":"","Metadata":{},"Name":"CVE-2016-2781","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-9131.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-9131.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-9131","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131","Description":"","Metadata":{},"Name":"CVE-2016-9131","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-9131","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2016-9131","Description":"","Metadata":{},"Name":"CVE-2016-9131","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-9147.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-9147.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-9147","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147","Description":"","Metadata":{},"Name":"CVE-2016-9147","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-9147","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2016-9147","Description":"","Metadata":{},"Name":"CVE-2016-9147","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-9444.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2016-9444.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-9444","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444","Description":"","Metadata":{},"Name":"CVE-2016-9444","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2016-9444","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2016-9444","Description":"","Metadata":{},"Name":"CVE-2016-9444","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-3136.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-3136.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-3136","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136","Description":"","Metadata":{},"Name":"CVE-2017-3136","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-3136","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2017-3136","Description":"","Metadata":{},"Name":"CVE-2017-3136","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-3137.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-3137.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-3137","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137","Description":"","Metadata":{},"Name":"CVE-2017-3137","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-3137","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2017-3137","Description":"","Metadata":{},"Name":"CVE-2017-3137","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-3138.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-3138.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-3138","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138","Description":"","Metadata":{},"Name":"CVE-2017-3138","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-3138","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2017-3138","Description":"","Metadata":{},"Name":"CVE-2017-3138","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-3145.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-3145.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-3145","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145","Description":"","Metadata":{},"Name":"CVE-2017-3145","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-3145","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"bind","Version":"9.18.10-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2017-3145","Description":"","Metadata":{},"Name":"CVE-2017-3145","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-7507.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-7507.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-7507","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"gnutls","Version":"3.7.8-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7507","Description":"","Metadata":{},"Name":"CVE-2017-7507","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-7507","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"gnutls","Version":"3.7.8-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2017-7507","Description":"","Metadata":{},"Name":"CVE-2017-7507","CVSS":[]}}}
diff --git a/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-8806.json b/...s/unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2017-8806.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-8806","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"postgresql-15","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8806","Description":"","Metadata":{},"Name":"CVE-2017-8806","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2017-8806","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"postgresql-15","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2017-8806","Description":"","Metadata":{},"Name":"CVE-2017-8806","CVSS":[]}}}
diff --git a/...nit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2018-1000156.json b/...nit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2018-1000156.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2018-1000156","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"patch","Version":"2.7.6-r3","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156","Description":"","Metadata":{},"Name":"CVE-2018-1000156","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2018-1000156","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"patch","Version":"2.7.6-r3","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2018-1000156","Description":"","Metadata":{},"Name":"CVE-2018-1000156","CVSS":[]}}}
diff --git a/.../unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2018-12020.json b/.../unit/providers/chainguard/test-fixtures/snapshots/chainguard:rolling/CVE-2018-12020.json
@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2018-12020","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"gnupg","Version":"2.2.41-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020","Description":"","Metadata":{},"Name":"CVE-2018-12020","CVSS":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2018-12020","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"gnupg","Version":"2.2.41-r0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2018-12020","Description":"","Metadata":{},"Name":"CVE-2018-12020","CVSS":[]}}}
+1 −1		.yardstick.yaml
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/05ecf980-9c09-47bd-a5b6-f76b4e908c75.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/11f992d1-a56d-499b-92bf-513ebc238a30.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/1be85785-a4ff-462a-a74c-261046bff71d.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/1e411cce-3789-462e-89ac-e6c499a29c29.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/3e2e74f0-b4d8-4ffa-b407-2f74152b2de5.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/71b7ddef-d949-4388-949f-9dec3debbb04.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/8331e4c9-3675-42f7-9eb6-f8373f975524.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/a27b4a38-f2e2-4652-b831-e1a1626503fa.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/b4d67409-e7f5-4911-91b5-6599778a7657.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/c2a3344e-0b2e-4093-b2c8-cdba313f480c.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/cbe9dc27-f683-420d-a164-37e93e636b41.json
+0 −1		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/ccf7be92-a986-4107-a389-21191b523f79.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/d4557bcf-3d1a-4fc7-87f7-1667d8c1c047.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/d4b6ad3f-0922-489a-a822-39e266283d13.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/f4089b28-a0f9-4e99-9046-7e5d7730de7e.json
+1 −0		...:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507/fac1968b-e461-4778-b4fe-2bd8c023f4a5.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/07f0b861-4014-409a-8c67-833b6bb6b043.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/0e75c01b-b9f5-439a-8ff4-8b6067b54b62.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/1506c4ff-e10e-409a-8132-83c83eccdefd.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/1767e8f9-18e5-494c-98d3-9dfcb0980a5b.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/2df549c0-51ab-4b0a-bc13-87c43a6314bd.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/62898235-c0d3-4d55-a6b5-d14bd76f5799.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/66af3f50-d04e-429f-bb37-95fd0d588633.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/6d86017f-032b-4b54-ac99-144f241e0307.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/8294f10f-97f7-446e-80ba-a962234e899f.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/8d1783b1-8962-4d8a-a95b-446a0628a1a6.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/af694256-39c4-4390-a839-6424b4412b42.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/c381dcf6-c6f4-4146-a951-d72a3265232a.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/d08eb9f3-d175-48a4-8dc8-7b24a38c7cec.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/d13d6c4c-5f18-4f9f-9a9a-e75702862267.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/d1fb073a-569f-45e1-a04f-34613074fbe2.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/e56783b5-95c9-44f2-9144-78b062beb511.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/e9df5434-a5a7-4c81-a9d3-d10248329b69.json
+1 −0		...:59bddc101fba0c45d5c093575c6bc5bfee7f0e46ff127e6bb4e5acaaafb525f9/fc2b6080-68b4-4df4-869c-969b80281397.json
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-2728","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"php","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2728","Description":"","Metadata":{},"Name":"CVE-2007-2728","CVSS":[]}}}
		{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"chainguard:rolling/CVE-2007-2728","item":{"Vulnerability":{"Severity":"Unknown","NamespaceName":"chainguard:rolling","FixedIn":[{"Name":"php","Version":"0","VersionFormat":"apk","NamespaceName":"chainguard:rolling"}],"Link":"https://www.cve.org/CVERecord?id=CVE-2007-2728","Description":"","Metadata":{},"Name":"CVE-2007-2728","CVSS":[]}}}