nscuro commented May 16, 2025

Closes #37

nscuro added the enhancement (New feature or request) label May 16, 2025
nscuro force-pushed the euvd branch 2 times, most recently from 2bb8a98 to ca603c9 June 3, 2025 12:39
nscuro marked this pull request as ready for review June 3, 2025 12:39
Copilot AI review requested due to automatic review settings June 3, 2025 12:39
Copilot AI left a comment

Pull Request Overview

This PR adds support for importing vulnerabilities from the European Union Vulnerability Database (EUVD). Key changes include the addition of a new importer and related classes for deserialization and vulnerability records, updates to the persistence of vulnerability data, and minor workflow adjustments and dependency additions.

  • Added the EUVD importer and supporting data model classes.
  • Integrated resilience4j retry support for handling network errors.
  • Updated configuration files and GitHub workflows to include EUVD as a source.

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/main/resources/META-INF/services/org.dependencytrack.vulndb.api.Importer | Registers the new EUVD importer. |
| src/main/java/org/dependencytrack/vulndb/source/euvd/NewlineDelimitedListDeserializer.java | Provides a deserializer for newline-delimited lists. |
| src/main/java/org/dependencytrack/vulndb/source/euvd/EuvdVulnerability.java | Defines the vulnerability record with format annotations (note the TODO comments in timezone configuration). |
| src/main/java/org/dependencytrack/vulndb/source/euvd/EuvdVulnerabilitiesPage.java | Adds a new record type to represent a page of vulnerabilities. |
| src/main/java/org/dependencytrack/vulndb/source/euvd/EuvdImporter.java | Implements the importer logic for EUVD, including HTTP retries and JSON parsing. |
| pom.xml | Adds the resilience4j-retry dependency. |
| .github/workflows/update-database.yml | Updates the workflow to include the EUVD source for database updates. |

Signed-off-by: nscuro <[email protected]>
nscuro merged commit 8285555 into main Jun 3, 2025
3 checks passed
nscuro deleted the euvd branch June 3, 2025 13:08
Development

Successfully merging this pull request may close these issues.

Source: ENISA Vulnerability Database