rhel: deprecate updater in favor of VEX updater

We can extract vulnerability information about containers from the VEX data. This negates the need to look for it in the cvemap.xml file. This change modifies the VEX updater to allow for ingesting vulnerabilities in a way that can be matched my the RHCC matcher. Signed-off-by: crozzy <[email protected]>
quay · Sep 12, 2024 · 407a742 · 407a742
1 parent 85a0988
commit 407a742
Show file tree

Hide file tree

Showing 18 changed files with 3,850 additions and 917 deletions.
diff --git a/datastore/postgres/migrations/matcher/14-delete-rhcc-vulns.sql b/datastore/postgres/migrations/matcher/14-delete-rhcc-vulns.sql
@@ -0,0 +1,4 @@
+-- The rhel-vex updater will now be responsible for RHCC advisories so we have
+-- to delete the existing RHCC vulnerabilities.
+DELETE FROM update_operation WHERE updater = 'rhel-container-updater';
+DELETE FROM vuln where updater = 'rhel-container-updater';
diff --git a/datastore/postgres/migrations/migrations.go b/datastore/postgres/migrations/migrations.go
@@ -112,4 +112,8 @@ var MatcherMigrations = []migrate.Migration{
 		ID: 13,
 		Up: runFile("matcher/13-delete-rhel-oval.sql"),
 	},
+	{
+		ID: 14,
+		Up: runFile("matcher/14-delete-rhcc-vulns.sql"),
+	},
 }
diff --git a/rhel/rhcc/fetcher_test.go b/rhel/rhcc/fetcher_test.go
diff --git a/rhel/rhcc/parser_test.go b/rhel/rhcc/parser_test.go