fleet

Elgato_dark/fleet

Fork 0

mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00

Commit graph

Author	SHA1	Message	Date
Tim Lee	e0d7e0c6b8	Add RHEL support to osv-processor (#43277 )	2026-04-21 13:39:22 -06:00
Konstantin Sykulev	d7b6b3c018	Use OSV for ubuntu vulnerability scanning (#42063 ) Related issue: Resolves #40057 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT ` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters. ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit New Features * OSV (Open Source Vulnerabilities) added as an optional Ubuntu vulnerability data source and enabled by default. * Features * Integrated OSV into the vulnerability scanning pipeline, artifact sync/refresh, detection, and cleanup flows. * Improved Ubuntu package/kernel version matching for more accurate OSV detections. * Chores * Added configuration flag and updated expected config fixtures. * Tests * Added extensive tests for OSV sync, artifact handling, analyzer logic, and cleanup behaviors. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-04-03 15:59:32 -05:00
Konstantin Sykulev	8eaecfc9e1	OSV artifact generation for use in vulnerabilities repository (#42203 ) Related issue: Resolves #41571 Full Artifacts: Ubuntu 14.04: 901 KB Ubuntu 16.04: 2.0 MB Ubuntu 18.04: 4.3 MB Ubuntu 20.04: 5.9 MB Ubuntu 22.04: 5.6 MB Ubuntu 24.04: 1.7 MB Ubuntu 24.10: 4.4 KB Ubuntu 25.04: 6.0 KB Ubuntu 25.10: 207 KB Total Size: All artifacts (full + deltas): 31 MB (was 54 MB) Full artifacts only: ~20 MB (was ~27 MB) Delta artifacts: ~11 MB (was ~27 MB) ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Added a vulnerability data processor that scans OSV JSON inputs, aggregates per-Ubuntu-version artifacts, supports inclusive/exclusive version filters, and can emit optional “today”/“yesterday” delta artifacts. * Added a repository sync-and-change-detection tool that generates de-duplicated lists of CVE-related files changed today and yesterday. * Processor expands certain package names (e.g., emacs) into additional package entries for broader coverage. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-25 13:02:26 -05:00

Author

SHA1

Message

Date

Tim Lee

e0d7e0c6b8

Add RHEL support to osv-processor (#43277 )

2026-04-21 13:39:22 -06:00

Konstantin Sykulev

d7b6b3c018

Use OSV for ubuntu vulnerability scanning (#42063 )

**Related issue:** Resolves #40057

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* OSV (Open Source Vulnerabilities) added as an optional Ubuntu
vulnerability data source and enabled by default.

* **Features**
* Integrated OSV into the vulnerability scanning pipeline, artifact
sync/refresh, detection, and cleanup flows.
* Improved Ubuntu package/kernel version matching for more accurate OSV
detections.

* **Chores**
  * Added configuration flag and updated expected config fixtures.

* **Tests**
* Added extensive tests for OSV sync, artifact handling, analyzer logic,
and cleanup behaviors.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

2026-04-03 15:59:32 -05:00

Konstantin Sykulev

8eaecfc9e1

OSV artifact generation for use in vulnerabilities repository (#42203 )

**Related issue:** Resolves #41571

**Full Artifacts:**
Ubuntu 14.04: 901 KB
Ubuntu 16.04: 2.0 MB
Ubuntu 18.04: 4.3 MB
Ubuntu 20.04: 5.9 MB
Ubuntu 22.04: 5.6 MB
Ubuntu 24.04: 1.7 MB
Ubuntu 24.10: 4.4 KB
Ubuntu 25.04: 6.0 KB
Ubuntu 25.10: 207 KB

**Total Size:**
All artifacts (full + deltas): 31 MB (was 54 MB)
Full artifacts only: ~20 MB (was ~27 MB)
Delta artifacts: ~11 MB (was ~27 MB)

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a vulnerability data processor that scans OSV JSON inputs,
aggregates per-Ubuntu-version artifacts, supports inclusive/exclusive
version filters, and can emit optional “today”/“yesterday” delta
artifacts.
* Added a repository sync-and-change-detection tool that generates
de-duplicated lists of CVE-related files changed today and yesterday.
* Processor expands certain package names (e.g., emacs) into additional
package entries for broader coverage.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

2026-03-25 13:02:26 -05:00

3 commits