AppThreat / vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers.
MIT License

sqlite backend #107

Closed prabhu closed 7 months ago

prabhu commented 7 months ago

Rewritten to use sqlite backend with CVE 5.0 schema and vers.

Fixes #104
Fixes #83
Part support for #91

cc: @heubeck @saketjajoo could you kindly help test this with some purls?

saketjajoo commented 7 months ago

@prabhu Am I searching incorrectly?

prabhu commented 7 months ago

> @prabhu Am I searching incorrectly?

It's a good test, but for depscan. Vdb doesn't do aliasing, so best to open the index db with a sqlite browser and use that data for searching. Or search by CVE.

prabhu commented 7 months ago

@cerrussell @saketjajoo Please update and try with the latest commit that uses apsw instead of sqlite3. This should result in even smaller dbs with improved performance.

cerrussell commented 7 months ago

@prabhu The counts for the data vs index no longer match.

prabhu commented 7 months ago

> @prabhu The counts for the data vs index no longer match.

Yes, this is fine. The index is only to know whether there is at least 1 matching CVE.