vdb

package
v1.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 20, 2026 License: AGPL-3.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Cache lifetimes, by endpoint kind. A cached answer can lag the API by up to
// the TTL, which matters when the data is vulnerability intelligence.
// NOTE(review): which requests use which TTL is decided by callers of
// DoRequestCached and is not visible on this page.
const (
	// StaticEnumTTL is the cache TTL for slowly-changing enumeration endpoints.
	StaticEnumTTL = 1 * time.Hour
	// PaginatedEnumTTL is the cache TTL for paginated list endpoints.
	PaginatedEnumTTL = 5 * time.Minute
)
// Client defaults and request-signing parameters.
const (
	// DefaultBaseURL is the HTTPS origin of the hosted VDB API.
	DefaultBaseURL    = "https://api.vdb.vulnetix.com"
	// DefaultAPIVersion is a path segment; presumably appended to the base URL
	// when request paths are built (not shown here).
	DefaultAPIVersion = "/v1"
	// Region and Service look like the scope components of the SigV4-style
	// signature named by Algorithm; confirm against the signing code.
	Region            = "us-east-1"
	Service           = "vdb"
	// NOTE(review): stock AWS SigV4 uses "AWS4-HMAC-SHA256". This identifier
	// names a SHA-512 variant, so a standard SigV4 signer or verifier is not
	// expected to interoperate with it; confirm what the server accepts.
	Algorithm         = "AWS4-HMAC-SHA512"
	// TokenExpiry is presumably the lifetime assumed for a cached JWT (see
	// TokenCache.ExpiresAt). It limits exposure of a leaked token only if the
	// server enforces the same bound; TODO confirm.
	TokenExpiry       = 15 * time.Minute
	// MaxRetries and BaseBackoff presumably bound the retry behaviour that
	// DoRequest documents for transient errors; verify in the client code.
	MaxRetries        = 2
	BaseBackoff       = 2 * time.Second
)

Variables

This section is empty.

Functions

func LoadCredentials

func LoadCredentials() (orgID, secretKey string, err error)

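LoadCredentials loads VDB credentials using the centralized auth package. It returns orgID and secretKey for backward compatibility with existing callers. secretKey is returned as a plain string, so callers should keep it out of logs and error messages.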

func LoadFullCredentials

func LoadFullCredentials() (*auth.Credentials, error)

LoadFullCredentials loads credentials as a full Credentials struct

Types

type CVEInfo

// CVEInfo holds the API response for a single CVE lookup (see GetCVE).
type CVEInfo struct {
	// Data is untyped; per the field comment it may be an array or an object,
	// so consumers have to inspect the dynamic type before use.
	// NOTE(review): the value comes from the remote API and is kept for
	// display; confirm that callers strip control characters before writing
	// it to a terminal or embedding it in HTML.
	Data interface{} // Store full response for display (array or object)
}

CVEInfo represents vulnerability information for a CVE

type Client

// Client is the VDB API client. It carries credentials in exported string
// fields, so avoid printing or serialising a Client wholesale.
type Client struct {
	// BaseURL and APIVersion select the endpoint; presumably initialised from
	// DefaultBaseURL and DefaultAPIVersion by the constructors (not shown).
	BaseURL         string
	APIVersion      string
	// OrgID and SecretKey are the pair accepted by NewClient.
	// NOTE(review): SecretKey is an exported plain string with no redaction,
	// so fmt's %v/%+v or encoding/json applied to a Client would expose it.
	OrgID           string
	SecretKey       string
	// AuthMethod presumably selects between signed requests and direct API
	// key auth; confirm against the auth package.
	AuthMethod      auth.AuthMethod
	// APIKey is a credential as well and deserves the same handling as
	// SecretKey.
	APIKey          string // hex digest for Direct API Key auth
	// NOTE(review): whether the default HTTPClient has a request timeout is
	// not visible here; callers who supply their own should set one.
	HTTPClient      *http.Client
	// LastRateLimit and LastCacheStatus look like per-response state written
	// by the request methods; if so, sharing one Client across goroutines
	// needs confirmation.
	LastRateLimit   *RateLimitInfo
	LastCacheStatus string // "HIT", "MISS", "LOCAL", "REVALIDATED", or "" if no X-Cache header
	// Cache is, by its type name, an on-disk response cache.
	// NOTE(review): confirm where it writes and with which file permissions,
	// since cached responses persist after the process exits.
	Cache           *cache.DiskCache
	// NoCache and RefreshCache presumably disable the cache and force a
	// refetch respectively; DoRequestCached documents falling through to
	// DoRequest when the cache is disabled.
	NoCache         bool
	RefreshCache    bool
	// contains filtered or unexported fields
}

Client represents a VDB API client

func NewClient

func NewClient(orgID, secretKey string) *Client

NewClient creates a new VDB API client using SigV4 auth

func NewClientFromCredentials

func NewClientFromCredentials(creds *auth.Credentials) *Client

NewClientFromCredentials creates a VDB API client from centralized credentials

func (*Client) DoRequest

func (c *Client) DoRequest(method, path string, body interface{}) ([]byte, error)

DoRequest performs an authenticated API request with retry for transient errors.

func (*Client) DoRequestCached added in v1.5.0

func (c *Client) DoRequestCached(method, path string, body interface{}, ttl time.Duration) ([]byte, error)

DoRequestCached performs an authenticated, cached GET request. For non-GET methods, or when the cache is disabled, it falls through to DoRequest.

func (*Client) DoRequestMultipart added in v1.0.0

func (c *Client) DoRequestMultipart(path, filePath, fileField string, fields map[string]string) ([]byte, error)

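DoRequestMultipart performs an authenticated multipart/form-data API request. Judging by the signature, the file at filePath is sent as the fileField form part, so validate filePath before passing on a caller-supplied value.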

func (*Client) DoRequestRawBody added in v1.0.0

func (c *Client) DoRequestRawBody(method, path string, body []byte, contentType string) ([]byte, error)

DoRequestRawBody performs an authenticated API request with a raw body (not JSON-marshaled).

func (*Client) GetCVE

func (c *Client) GetCVE(cveID string) (*CVEInfo, error)

GetCVE retrieves full vulnerability data for a specific CVE

func (*Client) GetCVEFixes

func (c *Client) GetCVEFixes(identifier string) (map[string]interface{}, error)

GetCVEFixes retrieves fix data for a specific CVE identifier

func (*Client) GetCVETimeline added in v1.6.0

func (c *Client) GetCVETimeline(identifier string, params TimelineParams) (map[string]interface{}, error)

GetCVETimeline retrieves the vulnerability timeline from the v1 API.

func (*Client) GetCVEsByDateRange

func (c *Client) GetCVEsByDateRange(start, end string) (map[string]interface{}, error)

GetCVEsByDateRange retrieves paginated CVEs by date range

func (*Client) GetEcosystemGroupPackage added in v1.0.0

func (c *Client) GetEcosystemGroupPackage(ecosystem, group, artifact string) (map[string]interface{}, error)

GetEcosystemGroupPackage retrieves Maven-style group/artifact information in a specific ecosystem

func (*Client) GetEcosystemPackage added in v1.0.0

func (c *Client) GetEcosystemPackage(ecosystem, pkg string) (map[string]interface{}, error)

GetEcosystemPackage retrieves package information scoped to a specific ecosystem

func (*Client) GetEcosystemPackageVersions added in v1.0.0

func (c *Client) GetEcosystemPackageVersions(ecosystem, pkg string) (map[string]interface{}, error)

GetEcosystemPackageVersions retrieves version information for a package in a specific ecosystem

func (*Client) GetEcosystems

func (c *Client) GetEcosystems() ([]Ecosystem, error)

GetEcosystems retrieves the list of available ecosystems

func (*Client) GetExploitSources

func (c *Client) GetExploitSources() (map[string]interface{}, error)

GetExploitSources retrieves the list of exploit intelligence sources

func (*Client) GetExploitTypes

func (c *Client) GetExploitTypes() (map[string]interface{}, error)

GetExploitTypes retrieves the list of exploit type classifications

func (*Client) GetExploits

func (c *Client) GetExploits(identifier string) (map[string]interface{}, error)

GetExploits retrieves exploit intelligence for a specific CVE identifier

func (*Client) GetFixDistributions

func (c *Client) GetFixDistributions() (map[string]interface{}, error)

GetFixDistributions retrieves the list of supported Linux distributions for fix advisories

func (*Client) GetGCVEIssuances

func (c *Client) GetGCVEIssuances(year, month, limit, offset int) (*GCVEIssuancesResponse, error)

GetGCVEIssuances retrieves GCVE issuances for a given year/month with pagination

func (*Client) GetHealth

func (c *Client) GetHealth() (map[string]interface{}, error)

GetHealth checks the API health endpoint (unauthenticated, root-level path).

func (*Client) GetIdentifiersByMonth

func (c *Client) GetIdentifiersByMonth(year, month, limit, offset int) (*IdentifiersMonthResponse, error)

GetIdentifiersByMonth retrieves CVE identifiers published in a given year/month

func (*Client) GetMetricTypes

func (c *Client) GetMetricTypes() (map[string]interface{}, error)

GetMetricTypes retrieves the list of vulnerability metric/scoring types

func (*Client) GetOpenAPISpec

func (c *Client) GetOpenAPISpec() (map[string]interface{}, error)

GetOpenAPISpec retrieves the OpenAPI specification

func (*Client) GetPackageVersions

func (c *Client) GetPackageVersions(packageName string) (map[string]interface{}, error)

GetPackageVersions retrieves all known versions for a package across ecosystems

func (*Client) GetPackageVulnerabilities

func (c *Client) GetPackageVulnerabilities(packageName string, limit, offset int) (*VulnerabilitiesResponse, error)

GetPackageVulnerabilities retrieves vulnerabilities for a package

func (*Client) GetProductVersion

func (c *Client) GetProductVersion(productName, version string) (map[string]interface{}, error)

GetProductVersion retrieves information for a specific product version

func (*Client) GetProductVersionEcosystem

func (c *Client) GetProductVersionEcosystem(productName, version, ecosystem string) (map[string]interface{}, error)

GetProductVersionEcosystem retrieves product version information scoped to a specific ecosystem

func (*Client) GetProductVersions

func (c *Client) GetProductVersions(productName string, limit, offset int) (*ProductVersionsResponse, error)

GetProductVersions retrieves all versions for a product with pagination

func (*Client) GetSources

func (c *Client) GetSources() (map[string]interface{}, error)

GetSources retrieves the list of vulnerability data sources

func (*Client) GetToken

func (c *Client) GetToken() (string, error)

GetToken retrieves a valid JWT token (from cache or by requesting a new one). Treat the returned string as a bearer credential and keep it out of logs.

func (*Client) SearchExploits added in v1.0.0

func (c *Client) SearchExploits(params ExploitSearchParams) (map[string]interface{}, error)

SearchExploits searches for exploits across CVEs with pagination and filters

func (*Client) SearchIdentifiers

func (c *Client) SearchIdentifiers(prefix string, limit, offset int) (*IdentifiersSearchResponse, error)

SearchIdentifiers retrieves CVE identifiers matching a prefix

func (*Client) SearchPackages added in v1.0.0

func (c *Client) SearchPackages(query, ecosystem string, limit, offset int) (map[string]interface{}, error)

SearchPackages performs a full-text search across packages

func (*Client) V2Advisories added in v1.0.0

func (c *Client) V2Advisories(id string) (map[string]interface{}, error)

V2Advisories retrieves advisory data for a vulnerability.

func (*Client) V2Affected added in v1.0.0

func (c *Client) V2Affected(id string, p V2QueryParams) (map[string]interface{}, error)

V2Affected retrieves affected product/package data for a vulnerability.

func (*Client) V2CloudLocators added in v1.8.0

func (c *Client) V2CloudLocators(vendor, product string) (map[string]interface{}, error)

V2CloudLocators retrieves cloud resource locator templates for a vendor/product pair.

func (*Client) V2CweGuidance added in v1.0.0

func (c *Client) V2CweGuidance(id string) (map[string]interface{}, error)

V2CweGuidance retrieves CWE-based guidance for a vulnerability.

func (*Client) V2DistributionPatches added in v1.0.0

func (c *Client) V2DistributionPatches(id string, p V2QueryParams) (map[string]interface{}, error)

V2DistributionPatches retrieves distribution patch data for a vulnerability.

func (*Client) V2Kev added in v1.0.0

func (c *Client) V2Kev(id string) (map[string]interface{}, error)

V2Kev retrieves CISA KEV (Known Exploited Vulnerabilities) data.

func (*Client) V2RegistryFixes added in v1.0.0

func (c *Client) V2RegistryFixes(id string, p V2QueryParams) (map[string]interface{}, error)

V2RegistryFixes retrieves registry-sourced fixes for a vulnerability.

func (*Client) V2RemediationPlan added in v1.0.0

func (c *Client) V2RemediationPlan(id string, p V2RemediationParams) (map[string]interface{}, error)

V2RemediationPlan retrieves a context-aware remediation plan for a vulnerability.

func (*Client) V2ScanCycloneDX added in v1.0.0

func (c *Client) V2ScanCycloneDX(filePath string) (map[string]interface{}, error)

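V2ScanCycloneDX uploads a CycloneDX document for scanning. The document's contents leave the host, so confirm that sharing the SBOM with the API operator is acceptable; the same applies to V2ScanManifest and V2ScanSPDX.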

func (*Client) V2ScanManifest added in v1.0.0

func (c *Client) V2ScanManifest(filePath, manifestType, ecosystem string) (map[string]interface{}, error)

V2ScanManifest uploads a manifest file for scanning.

func (*Client) V2ScanSPDX added in v1.0.0

func (c *Client) V2ScanSPDX(filePath string) (map[string]interface{}, error)

V2ScanSPDX uploads an SPDX document for scanning.

func (*Client) V2ScanStatus added in v1.0.0

func (c *Client) V2ScanStatus(scanID string) (map[string]interface{}, error)

V2ScanStatus retrieves the status of a scan.

func (*Client) V2Scorecard added in v1.0.0

func (c *Client) V2Scorecard(id string) (map[string]interface{}, error)

V2Scorecard retrieves the vulnerability scorecard.

func (*Client) V2SourceFixes added in v1.0.0

func (c *Client) V2SourceFixes(id string, p ...V2QueryParams) (map[string]interface{}, error)

V2SourceFixes retrieves upstream source fixes for a vulnerability.

func (*Client) V2Timeline added in v1.0.0

func (c *Client) V2Timeline(id string, p V2TimelineParams) (map[string]interface{}, error)

V2Timeline retrieves the vulnerability timeline with optional filters.

func (*Client) V2Workarounds added in v1.0.0

func (c *Client) V2Workarounds(id string) (map[string]interface{}, error)

V2Workarounds retrieves workaround information for a vulnerability.

type Ecosystem

// Ecosystem is one entry of the ecosystems listing returned by GetEcosystems.
type Ecosystem struct {
	Name  string `json:"name"`
	// Count is decoded from the "count" key; what is being counted is not
	// stated on this page.
	Count int    `json:"count"`
}

Ecosystem represents a single ecosystem entry

type EcosystemsResponse

// EcosystemsResponse is the JSON envelope of the ecosystems list endpoint.
type EcosystemsResponse struct {
	// Timestamp is an integer from the "timestamp" key; its unit (seconds or
	// milliseconds) is not shown here — TODO confirm.
	Timestamp  int64       `json:"timestamp"`
	Ecosystems []Ecosystem `json:"ecosystems"`
}

EcosystemsResponse represents the ecosystems list response

type ErrorResponse

// ErrorResponse is the JSON shape of an API error body.
type ErrorResponse struct {
	Success bool   `json:"success"`
	Error   string `json:"error"`
	// Details is dropped from encoded JSON when empty (omitempty).
	// NOTE(review): Error and Details are server-supplied text; confirm that
	// callers do not echo them into logs or terminals unsanitised.
	Details string `json:"details,omitempty"`
}

ErrorResponse represents an API error response

type ExploitSearchParams added in v1.0.0

// ExploitSearchParams carries the pagination window and filters accepted by
// Client.SearchExploits.
type ExploitSearchParams struct {
	Limit     int
	Offset    int
	// The filters below are free-form strings, including InKev and MinEpss,
	// which read like a boolean and a number.
	// NOTE(review): presumably forwarded as query parameters; confirm that
	// the client URL-encodes them and how empty values are treated.
	Ecosystem string
	Source    string
	Severity  string
	Sort      string
	Query     string
	InKev     string
	MinEpss   string
}

type GCVEIssuanceIdentifier

// GCVEIssuanceIdentifier is one GCVE issuance record, pairing a GCVE ID with
// a CVE ID.
type GCVEIssuanceIdentifier struct {
	GcveID        string `json:"gcveId"`
	CveID         string `json:"cveId"`
	// DatePublished is an integer timestamp; the unit is not shown on this
	// page — TODO confirm.
	DatePublished int64  `json:"datePublished"`
}

GCVEIssuanceIdentifier represents a single GCVE issuance record

type GCVEIssuancesResponse

// GCVEIssuancesResponse is the paginated result of Client.GetGCVEIssuances.
type GCVEIssuancesResponse struct {
	Timestamp   int64                    `json:"timestamp"`
	// Year and Month mirror the arguments of GetGCVEIssuances.
	Year        int                      `json:"year"`
	Month       int                      `json:"month"`
	// Total, Limit, Offset and HasMore form the pagination envelope;
	// presumably HasMore stays true while further pages remain.
	Total       int                      `json:"total"`
	Limit       int                      `json:"limit"`
	Offset      int                      `json:"offset"`
	HasMore     bool                     `json:"hasMore"`
	Identifiers []GCVEIssuanceIdentifier `json:"identifiers"`
}

GCVEIssuancesResponse represents the paginated GCVE issuances response

type IdentifiersMonthResponse

// IdentifiersMonthResponse is the paginated result of
// Client.GetIdentifiersByMonth.
type IdentifiersMonthResponse struct {
	Timestamp   int64    `json:"timestamp"`
	// Year and Month mirror the arguments of GetIdentifiersByMonth.
	Year        int      `json:"year"`
	Month       int      `json:"month"`
	// Total, Limit, Offset and HasMore form the pagination envelope;
	// presumably HasMore stays true while further pages remain.
	Total       int      `json:"total"`
	Limit       int      `json:"limit"`
	Offset      int      `json:"offset"`
	HasMore     bool     `json:"hasMore"`
	// Identifiers holds the CVE identifiers as plain strings.
	Identifiers []string `json:"identifiers"`
}

IdentifiersMonthResponse represents the paginated CVE identifiers response by month

type IdentifiersSearchResponse

// IdentifiersSearchResponse is the paginated result of
// Client.SearchIdentifiers.
type IdentifiersSearchResponse struct {
	Timestamp   int64    `json:"timestamp"`
	// Prefix is decoded from the response; presumably it echoes the prefix
	// that was searched for.
	Prefix      string   `json:"prefix"`
	// Total, Limit, Offset and HasMore form the pagination envelope;
	// presumably HasMore stays true while further pages remain.
	Total       int      `json:"total"`
	Limit       int      `json:"limit"`
	Offset      int      `json:"offset"`
	HasMore     bool     `json:"hasMore"`
	Identifiers []string `json:"identifiers"`
}

IdentifiersSearchResponse represents the paginated CVE identifiers search response

type ProductVersionsResponse

// ProductVersionsResponse is the paginated result of
// Client.GetProductVersions.
type ProductVersionsResponse struct {
	// PackageName is decoded from the "packageName" key even though the
	// request takes a product name.
	PackageName string          `json:"packageName"`
	Timestamp   int64           `json:"timestamp"`
	// Total, Limit, Offset and HasMore form the pagination envelope;
	// presumably HasMore stays true while further pages remain.
	Total       int             `json:"total"`
	Limit       int             `json:"limit"`
	Offset      int             `json:"offset"`
	HasMore     bool            `json:"hasMore"`
	Versions    []VersionRecord `json:"versions"`
}

ProductVersionsResponse represents product versions with pagination

type RateLimitInfo

// RateLimitInfo holds rate-limit figures for two windows, exposed on the
// client as Client.LastRateLimit. The struct has no JSON tags.
type RateLimitInfo struct {
	// Per-minute window. The unit of Reset (seconds remaining or an epoch
	// value) is not shown here — TODO confirm.
	MinuteLimit   int
	Remaining     int
	Reset         int
	// Per-week window, with the same open question about WeekReset.
	WeekLimit     int
	WeekRemaining int
	WeekReset     int
	// Present presumably records whether the response carried rate-limit
	// headers at all, which separates "zero remaining" from "no data".
	Present       bool
}

RateLimitInfo holds rate limit data returned in API response headers.

type TimelineParams added in v1.6.0

// TimelineParams holds the filters accepted by Client.GetCVETimeline.
// NOTE(review): the bounds quoted for ScoresLimit come from the field
// comment; whether the client enforces them or leaves that to the server is
// not visible here.
type TimelineParams struct {
	Include     string // comma-separated event types to include
	Exclude     string // comma-separated event types to exclude
	Dates       string // comma-separated CVE date fields: published,modified,reserved
	ScoresLimit int    // max score-change events (default 30, max 365)
}

ExploitSearchParams holds parameters for the exploit search endpoint. TimelineParams holds filter parameters for the /vuln/{id}/timeline endpoint.

type TokenCache

// TokenCache pairs a JWT with the time at which it should stop being used.
// NOTE(review): Token is a bearer credential held in an exported, untagged
// field, so fmt's %+v or encoding/json on a TokenCache would emit it.
type TokenCache struct {
	Token     string
	// ExpiresAt is presumably compared with the current time by GetToken to
	// decide between the cached token and a fresh request; confirm.
	ExpiresAt time.Time
}

TokenCache stores the JWT token and its expiration

type TokenResponse

// TokenResponse is the JSON body returned when a JWT is issued.
type TokenResponse struct {
	// Token is the bearer credential itself; keep it out of logs.
	Token string `json:"token"`
	// Iss, Sub and Exp use the names of the standard JWT issuer, subject and
	// expiry claims.
	// NOTE(review): these values arrive beside the token rather than from a
	// verified signature; confirm the client does not base trust decisions
	// on them. Exp is presumably Unix seconds — TODO confirm.
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Exp   int64  `json:"exp"`
}

TokenResponse represents the JWT token response

type V2QueryParams added in v1.0.0

// V2QueryParams holds the context filters and pagination window shared by
// the V2 endpoints (V2Affected, V2DistributionPatches, V2RegistryFixes,
// V2SourceFixes) and embedded by V2RemediationParams.
type V2QueryParams struct {
	// NOTE(review): all filters are free-form strings; presumably sent as
	// query parameters, so confirm they are URL-encoded. Purl in particular
	// can contain '/', '@' and '?'.
	Ecosystem   string
	PackageName string
	Vendor      string
	Product     string
	Distro      string
	Purl        string
	Limit       int
	Offset      int
}

V2QueryParams holds common context-filter query parameters for V2 endpoints.

type V2RemediationParams added in v1.0.0

// V2RemediationParams is the argument of Client.V2RemediationPlan. It embeds
// V2QueryParams, so those fields are promoted onto this type.
type V2RemediationParams struct {
	V2QueryParams
	// These strings describe the caller's environment (version in use,
	// package manager, container image, OS, registry).
	// NOTE(review): presumably transmitted to the API; confirm, since image
	// and registry names can reveal internal infrastructure.
	CurrentVersion           string
	PackageManager           string
	ContainerImage           string
	OS                       string
	Registry                 string
	// Flags that presumably ask for extra sections in the returned plan.
	IncludeGuidance          bool
	IncludeVerificationSteps bool
}

V2RemediationParams extends V2QueryParams with remediation-plan-specific parameters.

type V2TimelineParams added in v1.6.0

// V2TimelineParams holds the filters accepted by Client.V2Timeline. Its
// fields match those of TimelineParams.
// NOTE(review): the bounds quoted for ScoresLimit come from the field
// comment; whether the client enforces them is not visible here.
type V2TimelineParams struct {
	Include     string // comma-separated event types to include
	Exclude     string // comma-separated event types to exclude
	Dates       string // comma-separated CVE date fields: published,modified,reserved
	ScoresLimit int    // max score-change events (default 30, max 365)
}

V2TimelineParams holds filter parameters for the v2 timeline endpoint.

type VersionRecord

// VersionRecord is one version entry, with the ecosystem it belongs to and
// the sources that reported it.
type VersionRecord struct {
	Version   string          `json:"version"`
	Ecosystem string          `json:"ecosystem"`
	Sources   []VersionSource `json:"sources"`
	// CVEIDs is dropped from encoded JSON when empty (omitempty), so a
	// missing key and an empty list are indistinguishable after decoding.
	CVEIDs    []string        `json:"cveIds,omitempty"`
}

VersionRecord represents a single version entry with ecosystem and sources

type VersionSource

// VersionSource identifies where a version record came from.
type VersionSource struct {
	// SourceTable and SourceID are opaque strings from the API; by their
	// names they reference a backing table and row — TODO confirm.
	SourceTable string                 `json:"sourceTable"`
	SourceID    string                 `json:"sourceId"`
	// Metadata is schemaless and optional (omitempty); treat its values as
	// untrusted remote data and check dynamic types before use.
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
}

VersionSource represents a data source entry for a product version

type VulnerabilitiesResponse

// VulnerabilitiesResponse is the paginated result of
// Client.GetPackageVulnerabilities.
type VulnerabilitiesResponse struct {
	PackageName     string          `json:"packageName"`
	Timestamp       int64           `json:"timestamp"`
	// TotalCVEs and Total are decoded from separate keys; how the two counts
	// differ is not stated on this page.
	TotalCVEs       int             `json:"totalCVEs"`
	Total           int             `json:"total"`
	Limit           int             `json:"limit"`
	Offset          int             `json:"offset"`
	HasMore         bool            `json:"hasMore"`
	// Versions and Vulnerabilities share an element type; per the field
	// comment the API may populate either key, so consumers should check
	// both before concluding that a package has no findings.
	Versions        []VersionRecord `json:"versions"`
	Vulnerabilities []VersionRecord `json:"vulnerabilities"` // alternative key used by some API paths
	// RawData is skipped by encoding/json (tag "-"), so it is set by client
	// code rather than by decoding.
	RawData         interface{}     `json:"-"`               // full parsed response for fallback display
}

VulnerabilitiesResponse represents vulnerabilities for a package
