Skip to content

Add V2 Importer for Tuxcare advisories#2104

Open
Samk1710 wants to merge 10 commits intoaboutcode-org:mainfrom
Samk1710:add-tuxcare-importer
Open

Add V2 Importer for Tuxcare advisories#2104
Samk1710 wants to merge 10 commits intoaboutcode-org:mainfrom
Samk1710:add-tuxcare-importer

Conversation

@Samk1710
Copy link
Contributor

@Samk1710 Samk1710 commented Jan 4, 2026
edited
Loading

Addresses Issue:

Data Source: https://cve.tuxcare.com/els/download-json?orderBy=updated-desc

Importer Log Excerpt:

Importing data using tuxcare_importer_v2
INFO 2026-01-26 19:49:29.721368 UTC Pipeline [TuxCareImporterPipeline] starting
INFO 2026-01-26 19:49:29.721706 UTC Step [fetch] starting
INFO 2026-01-26 19:49:29.721766 UTC Fetching `https://cve.tuxcare.com/els/download-json?orderBy=updated-desc`
INFO 2026-01-26 19:51:10.961749 UTC Grouped 66,363 records into 9,649 unique CVEs (skipped 11,023: 0 invalid, 11,023 non-affected)
INFO 2026-01-26 19:51:10.963427 UTC Step [fetch] completed in 101 seconds (1.7 minutes)
INFO 2026-01-26 19:51:10.963586 UTC Step [collect_and_store_advisories] starting
INFO 2026-01-26 19:51:10.963635 UTC Collecting 9,649 advisories
INFO 2026-01-26 19:51:19.935667 UTC Progress: 10% (965/9649) ETA: 81 seconds (1.4 minutes)
INFO 2026-01-26 19:51:27.608222 UTC Progress: 20% (1930/9649) ETA: 67 seconds (1.1 minutes)
INFO 2026-01-26 19:51:36.572045 UTC Progress: 30% (2895/9649) ETA: 60 seconds
INFO 2026-01-26 19:51:45.463802 UTC Progress: 40% (3860/9649) ETA: 52 seconds
INFO 2026-01-26 19:51:54.916604 UTC Progress: 50% (4825/9649) ETA: 44 seconds
INFO 2026-01-26 19:52:02.836165 UTC Progress: 60% (5790/9649) ETA: 35 seconds
INFO 2026-01-26 19:52:11.500848 UTC Progress: 70% (6755/9649) ETA: 26 seconds
INFO 2026-01-26 19:52:20.017145 UTC Progress: 80% (7720/9649) ETA: 17 seconds
INFO 2026-01-26 19:52:28.159588 UTC Progress: 90% (8685/9649) ETA: 9 seconds
INFO 2026-01-26 19:52:35.721813 UTC Progress: 100% (9649/9649)
INFO 2026-01-26 19:52:35.729484 UTC Successfully collected 9,649 advisories
INFO 2026-01-26 19:52:35.729635 UTC Step [collect_and_store_advisories] completed in 85 seconds (1.4 minutes)
INFO 2026-01-26 19:52:35.729686 UTC Pipeline completed in 186 seconds (3.1 minutes)

@ziadhany ziadhany self-requested a review January 5, 2026 10:22
ziadhany
ziadhany requested changes Jan 7, 2026
View reviewed changes
Copy link
Collaborator

@ziadhany ziadhany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710 Thanks , see feedback and suggestions below

@Samk1710
Copy link
Contributor Author

Samk1710 commented Jan 7, 2026

@ziadhany Thanks for your review.
I have updated the code as per your suggestion and feedback. Requesting a re-review. Thanks again!

@Samk1710 Samk1710 requested a review from ziadhany January 7, 2026 21:18
ziadhany
ziadhany reviewed Jan 8, 2026
View reviewed changes
@ziadhany
Copy link
Collaborator

ziadhany commented Jan 8, 2026
edited
Loading

@Samk1710, could you please also fix the CI ?

@Samk1710
Copy link
Contributor Author

Samk1710 commented Jan 10, 2026

Hey @ziadhany
I have updated the implementation as per your review and suggestion of os_name qualifier. Do let me know if it aligns with what you had in mind. Thanks !

@Samk1710 Samk1710 requested a review from ziadhany January 10, 2026 00:03
ziadhany
ziadhany requested changes Jan 12, 2026
View reviewed changes
@Samk1710
Copy link
Contributor Author

Samk1710 commented Jan 12, 2026

Hey @ziadhany
I have refactored the purl as per your suggestion and pushed. Thanks for the guidance :)

@Samk1710 Samk1710 requested a review from ziadhany January 12, 2026 14:23
@Samk1710
Copy link
Contributor Author

Samk1710 commented Jan 13, 2026

@Samk1710, could you please also fix the CI ?

Hey @ziadhany could you kindly run the checks. I have fixed the import ordering. Thanks.

ziadhany
ziadhany requested changes Jan 16, 2026
View reviewed changes
Copy link
Collaborator

@ziadhany ziadhany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710 , The code looks good. I think we just need some refinement of the package URL and the affected and fixed versions.

@Samk1710
Copy link
Contributor Author

Samk1710 commented Jan 21, 2026

Hey @ziadhany

I have rectified the PURL. Also added more data to test each OS type with their respective PURLs.
After some digging in I also found the documentation for statuses and also implemented them.
Please see #2104 (comment)

Kindly review the changes when you have time. Thanks.

@Samk1710 Samk1710 requested a review from ziadhany January 22, 2026 18:03
ziadhany
ziadhany reviewed Jan 26, 2026
View reviewed changes
@Samk1710
Copy link
Contributor Author

Samk1710 commented Jan 26, 2026

Hey @ziadhany
As per discussions in the weekly meet, I have implemented the Impact Packages and also mapped the version range.
Kindly take a look at them and let me know if anything has to be improved. Please review when time. Thanks.

@Samk1710 Samk1710 requested a review from ziadhany January 26, 2026 19:45
@Samk1710 Samk1710 force-pushed the add-tuxcare-importer branch from 0f27746 to 7d47d46 Compare January 27, 2026 16:24
ziadhany
ziadhany requested changes Feb 2, 2026
View reviewed changes
Copy link
Collaborator

@ziadhany ziadhany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code looks good, just a few nits.

@Samk1710 Samk1710 force-pushed the add-tuxcare-importer branch from e4e1684 to 66be491 Compare February 2, 2026 22:24
@Samk1710
Copy link
Contributor Author

Samk1710 commented Feb 2, 2026

The code looks good, just a few nits.

Thanks @ziadhany
I’ve addressed the review comments and pushed the latest changes.
Please let me know if anything else needs adjustment.

@Samk1710 Samk1710 requested a review from ziadhany February 5, 2026 09:15
@Samk1710 Samk1710 force-pushed the add-tuxcare-importer branch from 66be491 to 9597abf Compare February 9, 2026 09:57
@Samk1710
Copy link
Contributor Author

Samk1710 commented Feb 19, 2026

Hey @ziadhany. Could you kindly have a look at the changes when time. Thanks.

ziadhany
ziadhany requested changes Feb 21, 2026
View reviewed changes
Copy link
Collaborator

@ziadhany ziadhany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710, just a few nits to improve code quality and update the importer to use AdvisoryDataV2. Overall, the code looks good.

vulnerabilities/pipelines/v2_importers/tuxcare_importer.py Outdated
Comment on lines 31 to 36
VERSION_RANGE_BY_PURL_TYPE = {
"rpm": RANGE_CLASS_BY_SCHEMES["rpm"],
"deb": RANGE_CLASS_BY_SCHEMES["deb"],
"apk": AlpineLinuxVersionRange,
"generic": RANGE_CLASS_BY_SCHEMES["generic"],
}
Copy link
Collaborator

@ziadhany ziadhany Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this ?

Suggested change
VERSION_RANGE_BY_PURL_TYPE = {
"rpm": RANGE_CLASS_BY_SCHEMES["rpm"],
"deb": RANGE_CLASS_BY_SCHEMES["deb"],
"apk": AlpineLinuxVersionRange,
"generic": RANGE_CLASS_BY_SCHEMES["generic"],
}
from univers.version_range import RANGE_CLASS_BY_SCHEMES

Copy link
Contributor Author

@Samk1710 Samk1710 Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ziadhany
alpine does not exist in RANGE_CLASS_BY_SCHEME. An existing issue is also open
See : aboutcode-org/univers#112

We need to add this to proceed.

Copy link
Contributor Author

@Samk1710 Samk1710 Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ziadhany
Raised

vulnerabilities/pipelines/v2_importers/tuxcare_importer.py

return PackageURL(
type=pkg_type, namespace=namespace, name=project_name, qualifiers=qualifiers
)
Copy link
Collaborator

@ziadhany ziadhany Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a unit test to cover this function.

@Samk1710 Samk1710 force-pushed the add-tuxcare-importer branch 2 times, most recently from e8d2186 to d7ed5f2 Compare February 24, 2026 06:22
This was referenced Feb 24, 2026
Closed
Merged
@Samk1710
Add V2 Importer for Tuxcare
0ba7a3b 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refactor as per review
8bdd80a 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refactor to PURL qualifier
2c0239a 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Codestyle fix
cb6b7c2 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refactor PURL and fix type-hinting
9176788 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Fix import ordering
d9b3f2c 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refactor PURL and status handling
f0a3ee8 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Implement impact packages and specific version with univers
70b0250 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Add docstrings and use pipeline logger
bf3f321 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710 Samk1710 force-pushed the add-tuxcare-importer branch from d7ed5f2 to 07a5af2 Compare February 24, 2026 18:41
@Samk1710
Add tests for purl creation and use AdvisoryV2
37938ee 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710 Samk1710 force-pushed the add-tuxcare-importer branch from 07a5af2 to 37938ee Compare February 24, 2026 18:56
@Samk1710
Copy link
Contributor Author

Samk1710 commented Feb 24, 2026

@ziadhany Done with the changes. Please have a look when time

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ziadhany ziadhany ziadhany requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Samk1710 @ziadhany