Skip to content

Add V2 Importer for Tuxcare advisories #2104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Samk1710 wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Add V2 Importer for Tuxcare advisories #2104

Samk1710 wants to merge 8 commits into from
+957 −0

Conversation

@Samk1710
Copy link

@Samk1710 Samk1710 commented Jan 4, 2026
edited
Loading

Addresses Issue:

Data Source: https://cve.tuxcare.com/els/download-json?orderBy=updated-desc

Importer Log Excerpt:

Importing data using tuxcare_importer_v2
INFO 2026-01-26 19:49:29.721368 UTC Pipeline [TuxCareImporterPipeline] starting
INFO 2026-01-26 19:49:29.721706 UTC Step [fetch] starting
INFO 2026-01-26 19:49:29.721766 UTC Fetching `https://cve.tuxcare.com/els/download-json?orderBy=updated-desc`
INFO 2026-01-26 19:51:10.961749 UTC Grouped 66,363 records into 9,649 unique CVEs (skipped 11,023: 0 invalid, 11,023 non-affected)
INFO 2026-01-26 19:51:10.963427 UTC Step [fetch] completed in 101 seconds (1.7 minutes)
INFO 2026-01-26 19:51:10.963586 UTC Step [collect_and_store_advisories] starting
INFO 2026-01-26 19:51:10.963635 UTC Collecting 9,649 advisories
INFO 2026-01-26 19:51:19.935667 UTC Progress: 10% (965/9649) ETA: 81 seconds (1.4 minutes)
INFO 2026-01-26 19:51:27.608222 UTC Progress: 20% (1930/9649) ETA: 67 seconds (1.1 minutes)
INFO 2026-01-26 19:51:36.572045 UTC Progress: 30% (2895/9649) ETA: 60 seconds
INFO 2026-01-26 19:51:45.463802 UTC Progress: 40% (3860/9649) ETA: 52 seconds
INFO 2026-01-26 19:51:54.916604 UTC Progress: 50% (4825/9649) ETA: 44 seconds
INFO 2026-01-26 19:52:02.836165 UTC Progress: 60% (5790/9649) ETA: 35 seconds
INFO 2026-01-26 19:52:11.500848 UTC Progress: 70% (6755/9649) ETA: 26 seconds
INFO 2026-01-26 19:52:20.017145 UTC Progress: 80% (7720/9649) ETA: 17 seconds
INFO 2026-01-26 19:52:28.159588 UTC Progress: 90% (8685/9649) ETA: 9 seconds
INFO 2026-01-26 19:52:35.721813 UTC Progress: 100% (9649/9649)
INFO 2026-01-26 19:52:35.729484 UTC Successfully collected 9,649 advisories
INFO 2026-01-26 19:52:35.729635 UTC Step [collect_and_store_advisories] completed in 85 seconds (1.4 minutes)
INFO 2026-01-26 19:52:35.729686 UTC Pipeline completed in 186 seconds (3.1 minutes)

@ziadhany ziadhany self-requested a review January 5, 2026 10:22
ziadhany
ziadhany requested changes Jan 7, 2026
View reviewed changes
Copy link
Collaborator

@ziadhany ziadhany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710 Thanks , see feedback and suggestions below

@Samk1710
Copy link
Author

Samk1710 commented Jan 7, 2026

@ziadhany Thanks for your review.
I have updated the code as per your suggestion and feedback. Requesting a re-review. Thanks again!

@Samk1710 Samk1710 requested a review from ziadhany January 7, 2026 21:18
ziadhany
ziadhany reviewed Jan 8, 2026
View reviewed changes
@ziadhany
Copy link
Collaborator

ziadhany commented Jan 8, 2026
edited
Loading

@Samk1710, could you please also fix the CI ?

@Samk1710
Copy link
Author

Samk1710 commented Jan 10, 2026

Hey @ziadhany
I have updated the implementation as per your review and suggestion of os_name qualifier. Do let me know if it aligns with what you had in mind. Thanks !

@Samk1710 Samk1710 requested a review from ziadhany January 10, 2026 00:03
ziadhany
ziadhany requested changes Jan 12, 2026
View reviewed changes
@Samk1710
Copy link
Author

Samk1710 commented Jan 12, 2026

Hey @ziadhany
I have refactored the purl as per your suggestion and pushed. Thanks for the guidance :)

@Samk1710 Samk1710 requested a review from ziadhany January 12, 2026 14:23
@Samk1710
Copy link
Author

Samk1710 commented Jan 13, 2026

@Samk1710, could you please also fix the CI ?

Hey @ziadhany could you kindly run the checks. I have fixed the import ordering. Thanks.

ziadhany
ziadhany requested changes Jan 16, 2026
View reviewed changes
Copy link
Collaborator

@ziadhany ziadhany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710 , The code looks good. I think we just need some refinement of the package URL and the affected and fixed versions.

@Samk1710
Copy link
Author

Samk1710 commented Jan 21, 2026

Hey @ziadhany

I have rectified the PURL. Also added more data to test each OS type with their respective PURLs.
After some digging in I also found the documentation for statuses and also implemented them.
Please see #2104 (comment)

Kindly review the changes when you have time. Thanks.

@Samk1710 Samk1710 requested a review from ziadhany January 22, 2026 18:03
ziadhany
ziadhany reviewed Jan 26, 2026
View reviewed changes
vulnerabilities/pipelines/v2_importers/tuxcare_importer.py Outdated
Comment on lines 132 to 136
try:
version_range = GenericVersionRange.from_versions([version])
except ValueError as e:
logger.warning(f"Failed to parse version {version} for {cve_id}: {e}")
continue
Copy link
Collaborator

@ziadhany ziadhany Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

VersionRange should also be mapped correctly.

see:
https://github.com/aboutcode-org/univers/blob/main/src/univers/version_range.py#L1429

Copy link
Author

@Samk1710 Samk1710 Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

VersionRange should also be mapped correctly.

see: https://github.com/aboutcode-org/univers/blob/main/src/univers/version_range.py#L1429

Implemented

@Samk1710
Copy link
Author

Samk1710 commented Jan 26, 2026

Hey @ziadhany
As per discussions in the weekly meet, I have implemented the Impact Packages and also mapped the version range.
Kindly take a look at them and let me know if anything has to be improved. Please review when time. Thanks.

@Samk1710 Samk1710 requested a review from ziadhany January 26, 2026 19:45
@Samk1710
Add V2 Importer for Tuxcare
9244782 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refactor as per review
84c3f40 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refactor to PURL qualifier
0c54f35 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Codestyle fix
1b3f4f4 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refactor PURL and fix type-hinting
8134ec4 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Fix import ordering
27d102d 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refactor PURL and status handling
c6a87b7 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Implement impact packages and specific version with univers
7d47d46 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710 Samk1710 force-pushed the add-tuxcare-importer branch from 0f27746 to 7d47d46 Compare January 27, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ziadhany ziadhany Awaiting requested review from ziadhany

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Samk1710 @ziadhany