EUVD integration into VulnDB#2166
Open
Hubtrick-Git wants to merge 35 commits into
Open
Conversation
…ves table to add the new euvd exploit add column
… test case to catch deduplication bug in KEV Insert
…-cves.down.sql Signed-off-by: Tim Bastin <38261809+timbastin@users.noreply.github.com>
… the euvd also now and clean ups orphaned relationships and added debug for import
…-dev/devguard into feature/integrate-euvd
…writing them to the cve_relationships table, that way we can keep the fk on source_cve
Hubtrick-Git
marked this pull request as ready for review
June 25, 2026 13:29
…ect file name, updated stale comments
Contributor
There was a problem hiding this comment.
Pull request overview
This PR extends VulnDB ingestion/export/import to incorporate EUVD data (alias mapping + KEV signal), adds CSAF advisory ingestion, and propagates these new data points through export artifacts, quick-diff integrity logic, DTOs, and risk scoring. It also bumps the published VulnDB OCI artifact to v3 to reflect the new archive schema.
Changes:
- Add EUVD alias mapping ingestion into
cve_relationshipsand EUVD KEV ingestion intocves.euvd_exploit_add. - Add CSAF advisory ingestion (as “advisory CVEs” + advisory relationships) and export/import those as new gob artifacts.
- Update KEV handling (merge CISA+EUVD), quick-diff computations, and risk scoring to treat “actively exploited” as CISA or EUVD KEV.
Reviewed changes
Copilot reviewed 25 out of 27 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| vulndb/vulndb_service.go | Integrates EUVD alias + EUVD KEV + CSAF advisory fetching into export/import flows; merges KEV signals. |
| vulndb/risk.go | Updates risk rounding and treats KEV (CISA or EUVD) as “actively exploited” for threat scoring. |
| vulndb/risk_test.go | Adds tests for the new “actively exploited” behavior. |
| vulndb/quick_diff.go | Extends quick-diff CVE snapshot/diff to include euvd_exploit_add. |
| vulndb/osv_service.go | Adds euvd_exploit_add to staging/insert paths and refactors cleanup to return errors. |
| vulndb/import_debug.go | Updates debug import to include new gob inputs and KEV path. |
| vulndb/gob.go | Renames KEV gob representation and includes EUVD KEV date. |
| vulndb/euvd_service.go | New: fetch/convert EUVD ID mapping CSV and resolve/insert derived relationships. |
| vulndb/euvd_kev_service.go | New: fetch EUVD KEV dump and map to CVE model fields. |
| vulndb/cisa_kev_service.go | Consolidates KEV write logic into InsertKEVBulk and adds EUVD KEV column updates. |
| utils/egress_client.go | Adds a factory for egress HTTP clients with configurable timeout. |
| utils/common.go | Adds a helper for GET requests with context + optional client. |
| transformer/dependency_vuln_transformer.go | Exposes EUVDExploitAdd in the CVE DTO conversion. |
| tests/quick_diff_integration_test.go | Updates KEV test wiring and adds coverage for EUVD+CISA alias merge behavior. |
| tests/euvd_integration_test.go | New: integration test for EUVD relationship resolution logic. |
| shared/common_interfaces.go | Removes old repository KEV batch updater and adds CSAF fetch method to VulnDBService interface. |
| mocks/mock_HTTPDoer.go | New generated mock (mockery). |
| mocks/mock_APIStatsCollector.go | New generated mock (mockery). |
| dtos/dependency_vuln_dto.go | Adds euvdExploitAdd to API DTO. |
| dtos/cve_relationship_dto.go | Adds relationship types for EUVD and advisory-derived relationships. |
| database/repositories/cve_repository.go | Removes old GORM-based CISA KEV batch update function. |
| database/models/cve_relationship_model.go | Clarifies relationship field semantics in comments. |
| database/models/cve_model.go | Adds EUVDExploitAdd field to CVE model. |
| database/migrations/20260622103622_add-euvd-kev-information-to-cves.up.sql | Adds euvd_exploit_add column to cves. |
| .vscode/launch.json | Adds “local archive” import debug config (but currently invalid JSON). |
| .github/workflows/vulndb.yaml | Publishes VulnDB archive/signature to v3 OCI path. |
| .github/workflows/vulndb-1.7.3.yaml | Adds a workflow to keep producing the legacy v2 artifact for DevGuard v1.7.3. |
Files not reviewed (2)
- mocks/mock_APIStatsCollector.go: Generated file
- mocks/mock_HTTPDoer.go: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…gging in the terminal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Features
Alias Mapping:
~ Approx: 340k euvd aliases
We now also synchronize the alias mapping csv file from the EUVD:
EUVD KEV
We now synchronize KEV data from the EUVD as well. The EUVD lists multiple sources which then correspond to the respective columns in the cves table (cisa_date_added, euvd_date_added).
Advisory Sync
We know also sync CSAF advisory sources from CSIRTs. Currently only Germany and Netherlands provide an open CSAF api to do so, so we are only syncing these 2. Further sources can easily be added by just adding the url to the list of fetched CSAF sources.
Discussion
TO-DO: