Skip to content

EUVD integration into VulnDB#2166

Open
Hubtrick-Git wants to merge 35 commits into
mainfrom
feature/integrate-euvd
Open

EUVD integration into VulnDB#2166
Hubtrick-Git wants to merge 35 commits into
mainfrom
feature/integrate-euvd

Conversation

@Hubtrick-Git

@Hubtrick-Git Hubtrick-Git commented Jun 19, 2026

Copy link
Copy Markdown
Collaborator

Features

Alias Mapping:

~ Approx: 340k euvd aliases

We now also synchronize the alias mapping csv file from the EUVD:

  1. First fetch the euvd csv file and convert to euvd_relationship objects
  2. Insert those into a staging table
  3. Insert into the cve_relationships table while resolving the cves to their downstream relations

EUVD KEV

We now synchronize KEV data from the EUVD as well. The EUVD lists multiple sources which then correspond to the respective columns in the cves table (cisa_date_added, euvd_date_added).

Advisory Sync

We know also sync CSAF advisory sources from CSIRTs. Currently only Germany and Netherlands provide an open CSAF api to do so, so we are only syncing these 2. Further sources can easily be added by just adding the url to the list of fetched CSAF sources.

  1. A CSAF report represents a new CVE with the advisory ID as the CVE-ID.
  2. All related CVEs in the vulnerability object represent a cve_relationship (source_cve = advisoryID, target_cve = related CVE-XXXX)
  3. Since CSAF reports to not come with affected components we can only match them via their target_cve, therefore we can filter out all Advisories/Relations where the target_cve does not exist and therefore can never be found.

Discussion

  • Merge both CISA KEV and EUVD KEV into a single KEV file?
  • Move CSAF fetching into csaf_service or to its own file

TO-DO:

  • Implement alias mapping for euvd KEV data as well
  • Implement euvd into backend information stream
  • Add euvd information to relevant frontend pages
  • Fetch CSAF sources
  • Import stream performance improvements

@Hubtrick-Git
Hubtrick-Git marked this pull request as ready for review June 25, 2026 13:29
Copilot AI review requested due to automatic review settings July 9, 2026 16:08

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends VulnDB ingestion/export/import to incorporate EUVD data (alias mapping + KEV signal), adds CSAF advisory ingestion, and propagates these new data points through export artifacts, quick-diff integrity logic, DTOs, and risk scoring. It also bumps the published VulnDB OCI artifact to v3 to reflect the new archive schema.

Changes:

  • Add EUVD alias mapping ingestion into cve_relationships and EUVD KEV ingestion into cves.euvd_exploit_add.
  • Add CSAF advisory ingestion (as “advisory CVEs” + advisory relationships) and export/import those as new gob artifacts.
  • Update KEV handling (merge CISA+EUVD), quick-diff computations, and risk scoring to treat “actively exploited” as CISA or EUVD KEV.

Reviewed changes

Copilot reviewed 25 out of 27 changed files in this pull request and generated 11 comments.

Show a summary per file
File Description
vulndb/vulndb_service.go Integrates EUVD alias + EUVD KEV + CSAF advisory fetching into export/import flows; merges KEV signals.
vulndb/risk.go Updates risk rounding and treats KEV (CISA or EUVD) as “actively exploited” for threat scoring.
vulndb/risk_test.go Adds tests for the new “actively exploited” behavior.
vulndb/quick_diff.go Extends quick-diff CVE snapshot/diff to include euvd_exploit_add.
vulndb/osv_service.go Adds euvd_exploit_add to staging/insert paths and refactors cleanup to return errors.
vulndb/import_debug.go Updates debug import to include new gob inputs and KEV path.
vulndb/gob.go Renames KEV gob representation and includes EUVD KEV date.
vulndb/euvd_service.go New: fetch/convert EUVD ID mapping CSV and resolve/insert derived relationships.
vulndb/euvd_kev_service.go New: fetch EUVD KEV dump and map to CVE model fields.
vulndb/cisa_kev_service.go Consolidates KEV write logic into InsertKEVBulk and adds EUVD KEV column updates.
utils/egress_client.go Adds a factory for egress HTTP clients with configurable timeout.
utils/common.go Adds a helper for GET requests with context + optional client.
transformer/dependency_vuln_transformer.go Exposes EUVDExploitAdd in the CVE DTO conversion.
tests/quick_diff_integration_test.go Updates KEV test wiring and adds coverage for EUVD+CISA alias merge behavior.
tests/euvd_integration_test.go New: integration test for EUVD relationship resolution logic.
shared/common_interfaces.go Removes old repository KEV batch updater and adds CSAF fetch method to VulnDBService interface.
mocks/mock_HTTPDoer.go New generated mock (mockery).
mocks/mock_APIStatsCollector.go New generated mock (mockery).
dtos/dependency_vuln_dto.go Adds euvdExploitAdd to API DTO.
dtos/cve_relationship_dto.go Adds relationship types for EUVD and advisory-derived relationships.
database/repositories/cve_repository.go Removes old GORM-based CISA KEV batch update function.
database/models/cve_relationship_model.go Clarifies relationship field semantics in comments.
database/models/cve_model.go Adds EUVDExploitAdd field to CVE model.
database/migrations/20260622103622_add-euvd-kev-information-to-cves.up.sql Adds euvd_exploit_add column to cves.
.vscode/launch.json Adds “local archive” import debug config (but currently invalid JSON).
.github/workflows/vulndb.yaml Publishes VulnDB archive/signature to v3 OCI path.
.github/workflows/vulndb-1.7.3.yaml Adds a workflow to keep producing the legacy v2 artifact for DevGuard v1.7.3.
Files not reviewed (2)
  • mocks/mock_APIStatsCollector.go: Generated file
  • mocks/mock_HTTPDoer.go: Generated file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .vscode/launch.json Outdated
Comment thread .vscode/launch.json Outdated
Comment thread vulndb/vulndb_service.go
Comment thread vulndb/vulndb_service.go Outdated
Comment thread vulndb/vulndb_service.go
Comment thread vulndb/euvd_service.go
Comment thread vulndb/euvd_service.go Outdated
Comment thread vulndb/euvd_kev_service.go Outdated
Comment thread vulndb/osv_service.go
Comment thread vulndb/osv_service.go
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants