database

package
Published: Apr 1, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package database provides SQLite persistence for CSVSA scan results.

This package implements a versioned migration system that manages schema evolution over time. Each migration is idempotent, so applying it more than once is safe.

Design Philosophy:

- Pure Go SQLite (no CGO) via modernc.org/sqlite
- Versioned migrations for schema evolution
- Interface-based design for testability
- Transactions for data integrity

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ConsensusType

// ConsensusType represents the level of scanner agreement.
// Its values are the ConsensusType* constants; findings can be filtered
// by it through GetFindingsByConsensusType.
type ConsensusType string

ConsensusType represents the level of scanner agreement.

// Levels of scanner agreement recorded on a ScannerFinding.
// NOTE(review): the thresholds (how many scanners must report a CVE for
// "consensus" versus "partial") are not visible here — confirm against the
// code that produces models.ConsensusResult.
const (
	ConsensusTypeConsensus ConsensusType = "consensus"
	ConsensusTypePartial   ConsensusType = "partial"
	ConsensusTypeUnique    ConsensusType = "unique"
)

type EPSSScore

// EPSSScore represents an EPSS score for a CVE.
// Stored via UpsertEPSSScore / BulkUpsertEPSSScores and read back via
// GetEPSSScore / GetEPSSScoresBatch.
type EPSSScore struct {
	// CVEID is the CVE the score belongs to; GetEPSSScore looks scores up by it.
	CVEID string `json:"cve_id"`

	// EPSSScore is the EPSS probability score. NOTE(review): range
	// validation is not visible here — confirm (EPSS scores lie in 0–1).
	EPSSScore float64 `json:"epss_score"`

	// Percentile is the EPSS percentile rank.
	Percentile float64 `json:"percentile"`

	// FetchedDate is when the score was retrieved. NOTE(review): any
	// freshness/expiry policy is not visible here — confirm.
	FetchedDate time.Time `json:"fetched_date"`
}

EPSSScore represents an EPSS score for a CVE.

type FindingWithDetails

// FindingWithDetails combines finding with vulnerability and EPSS data.
// It is the row type returned by GetFindingsWithDetails, GetAllFindingsWithEPSS,
// GetFindingsByCategory and GetFindingsByConsensusType.
type FindingWithDetails struct {
	// ScannerFinding is embedded, so its fields are promoted.
	ScannerFinding

	// Vulnerability is the vulnerability record for the finding.
	Vulnerability VulnerabilityRecord `json:"vulnerability"`

	// Image is the image record for the finding.
	Image Image `json:"image"`

	// EPSSScore is omitted from JSON when nil — presumably nil means no
	// score is cached for the CVE; confirm against the query.
	EPSSScore *EPSSScore `json:"epss_score,omitempty"`
}

FindingWithDetails combines finding with vulnerability and EPSS data.

type Image

// Image represents a scanned container image record.
type Image struct {
	// ID identifies the record; GetImage looks images up by it.
	ID int64 `json:"id"`

	// Name is the image name. Several records may share a name:
	// GetImageByName returns the most recent one.
	Name string `json:"name"`

	// Category groups images; GetFindingsByCategory filters on it.
	Category string `json:"category"`

	// ScanDate is presumably set when the record is created by CreateImage
	// or PersistScanResults — confirm.
	ScanDate time.Time `json:"scan_date"`
}

Image represents a scanned container image record.

type Migration

// Migration represents a single database schema migration.
type Migration struct {
	// Version orders migrations; Migrator.Migrate applies the pending ones.
	Version int

	// Description is a human-readable summary of the change.
	Description string

	// Up and Down presumably hold the SQL that applies and reverts the
	// migration — confirm. They should only ever come from the package's
	// compiled-in migration list, never from external input.
	Up   string
	Down string
}

Migration represents a single database schema migration.

type Migrator

// Migrator handles database schema migrations.
// Construct it with NewMigrator and call Migrate to apply all pending
// migrations.
type Migrator struct {
	// contains filtered or unexported fields
}

Migrator handles database schema migrations.

func NewMigrator

func NewMigrator(db *sql.DB, logger *slog.Logger) *Migrator

NewMigrator creates a new Migrator instance.

func (*Migrator) Migrate

func (m *Migrator) Migrate(ctx context.Context) error

Migrate applies all pending migrations.

type SQLiteConfig

// SQLiteConfig holds configuration for SQLite connection.
// DefaultConfig returns one populated with default values; NewSQLiteStore
// consumes it.
type SQLiteConfig struct {
	// Path is the location of the SQLite database file — presumably a
	// filesystem path; confirm whether special values such as ":memory:"
	// are supported.
	Path string

	// Logger receives the store's log output. NOTE(review): behaviour
	// when nil is not visible here — confirm.
	Logger *slog.Logger
}

SQLiteConfig holds configuration for SQLite connection.

func DefaultConfig

func DefaultConfig() SQLiteConfig

DefaultConfig returns a SQLiteConfig with sensible defaults.

type SQLiteStore

// SQLiteStore implements the Store interface using SQLite.
// Construct it with NewSQLiteStore, which also applies migrations; Ping
// verifies the connection and Close releases it.
type SQLiteStore struct {
	// contains filtered or unexported fields
}

SQLiteStore implements the Store interface using SQLite.

func NewSQLiteStore

func NewSQLiteStore(ctx context.Context, cfg SQLiteConfig) (*SQLiteStore, error)

NewSQLiteStore creates a new SQLite store and applies migrations.

func (*SQLiteStore) BulkUpsertEPSSScores

func (s *SQLiteStore) BulkUpsertEPSSScores(ctx context.Context, scores []EPSSScore) error

BulkUpsertEPSSScores inserts multiple EPSS scores in a transaction.

func (*SQLiteStore) Close

func (s *SQLiteStore) Close() error

Close closes the database connection.

func (*SQLiteStore) CreateImage

func (s *SQLiteStore) CreateImage(ctx context.Context, name, category string) (*Image, error)

CreateImage creates a new image record.

func (*SQLiteStore) CreateScannerFinding

func (s *SQLiteStore) CreateScannerFinding(ctx context.Context, finding *ScannerFinding) error

CreateScannerFinding creates a new scanner finding record.

func (*SQLiteStore) GetAllFindingsWithEPSS

func (s *SQLiteStore) GetAllFindingsWithEPSS(ctx context.Context) ([]FindingWithDetails, error)

GetAllFindingsWithEPSS retrieves all findings with vulnerability and EPSS data.

func (*SQLiteStore) GetAllUniqueCVEs

func (s *SQLiteStore) GetAllUniqueCVEs(ctx context.Context) ([]string, error)

GetAllUniqueCVEs returns all distinct CVE IDs in the database.

func (*SQLiteStore) GetCachedCVEs

func (s *SQLiteStore) GetCachedCVEs(ctx context.Context, cveIDs []string) ([]string, error)

GetCachedCVEs returns CVEs that already have cached EPSS scores.

func (*SQLiteStore) GetEPSSScore

func (s *SQLiteStore) GetEPSSScore(ctx context.Context, cveID string) (*EPSSScore, error)

GetEPSSScore retrieves an EPSS score for a CVE.

func (*SQLiteStore) GetEPSSScoresBatch

func (s *SQLiteStore) GetEPSSScoresBatch(ctx context.Context, cveIDs []string) (map[string]*EPSSScore, error)

GetEPSSScoresBatch retrieves EPSS scores for multiple CVEs efficiently.

func (*SQLiteStore) GetFindingsByCategory

func (s *SQLiteStore) GetFindingsByCategory(ctx context.Context, category string) ([]FindingWithDetails, error)

GetFindingsByCategory retrieves findings for images in a specific category.

func (*SQLiteStore) GetFindingsByConsensusType

func (s *SQLiteStore) GetFindingsByConsensusType(ctx context.Context, consensusType ConsensusType) ([]FindingWithDetails, error)

GetFindingsByConsensusType retrieves findings with a specific consensus type.

func (*SQLiteStore) GetFindingsForImage

func (s *SQLiteStore) GetFindingsForImage(ctx context.Context, imageID int64) ([]ScannerFinding, error)

GetFindingsForImage retrieves all findings for an image.

func (*SQLiteStore) GetFindingsWithDetails

func (s *SQLiteStore) GetFindingsWithDetails(ctx context.Context, imageID int64) ([]FindingWithDetails, error)

GetFindingsWithDetails retrieves findings with vulnerability and EPSS data.

func (*SQLiteStore) GetImage

func (s *SQLiteStore) GetImage(ctx context.Context, id int64) (*Image, error)

GetImage retrieves an image by ID.

func (*SQLiteStore) GetImageByName

func (s *SQLiteStore) GetImageByName(ctx context.Context, name string) (*Image, error)

GetImageByName retrieves the most recent image with the given name.

func (*SQLiteStore) GetUniqueCVEsForImage

func (s *SQLiteStore) GetUniqueCVEsForImage(ctx context.Context, imageID int64) ([]string, error)

GetUniqueCVEsForImage returns distinct CVE IDs for an image.

func (*SQLiteStore) GetVulnerability

func (s *SQLiteStore) GetVulnerability(ctx context.Context, cveID, pkg, version string) (*VulnerabilityRecord, error)

GetVulnerability retrieves a vulnerability by its natural key.

func (*SQLiteStore) ListImages

func (s *SQLiteStore) ListImages(ctx context.Context) ([]Image, error)

ListImages retrieves all images.

func (*SQLiteStore) PersistScanResults

func (s *SQLiteStore) PersistScanResults(ctx context.Context, imageName, category string, result *models.ConsensusResult) (*Image, error)

PersistScanResults saves a complete scan result to the database. This is called automatically after each scan to persist results.

func (*SQLiteStore) Ping

func (s *SQLiteStore) Ping(ctx context.Context) error

Ping verifies the database connection.

func (*SQLiteStore) UpsertEPSSScore

func (s *SQLiteStore) UpsertEPSSScore(ctx context.Context, score *EPSSScore) error

UpsertEPSSScore creates or updates an EPSS score.

func (*SQLiteStore) UpsertVulnerability

func (s *SQLiteStore) UpsertVulnerability(ctx context.Context, vuln *VulnerabilityRecord) (*VulnerabilityRecord, error)

UpsertVulnerability creates or updates a vulnerability record.

type ScannerFinding

// ScannerFinding links an image, vulnerability, and scanner.
type ScannerFinding struct {
	// ID identifies the finding record.
	ID int64 `json:"id"`

	// ImageID and VulnerabilityID presumably reference Image.ID and
	// VulnerabilityRecord.ID — confirm against the schema.
	ImageID         int64 `json:"image_id"`
	VulnerabilityID int64 `json:"vulnerability_id"`

	// ScannerName names the scanner that reported the finding.
	ScannerName string `json:"scanner_name"`

	// ConsensusType records the level of scanner agreement for this
	// finding; GetFindingsByConsensusType filters on it.
	ConsensusType ConsensusType `json:"consensus_type"`

	// FoundAt is when the finding was recorded. NOTE(review): whether the
	// caller or the store sets it is not visible here — confirm.
	FoundAt time.Time `json:"found_at"`
}

ScannerFinding links an image, vulnerability, and scanner.

type Store

// Store defines the interface for database operations.
// SQLiteStore is the SQLite-backed implementation.
type Store interface {
	// Image operations

	// CreateImage creates a new image record.
	CreateImage(ctx context.Context, name, category string) (*Image, error)
	// GetImage retrieves an image by ID.
	GetImage(ctx context.Context, id int64) (*Image, error)
	// GetImageByName retrieves the most recent image with the given name.
	GetImageByName(ctx context.Context, name string) (*Image, error)
	// ListImages retrieves all images.
	ListImages(ctx context.Context) ([]Image, error)

	// Vulnerability operations

	// UpsertVulnerability creates or updates a vulnerability record.
	UpsertVulnerability(ctx context.Context, vuln *VulnerabilityRecord) (*VulnerabilityRecord, error)
	// GetVulnerability retrieves a vulnerability by its natural key
	// (CVE ID, package, version).
	GetVulnerability(ctx context.Context, cveID, pkg, version string) (*VulnerabilityRecord, error)

	// Scanner finding operations

	// CreateScannerFinding creates a new scanner finding record.
	CreateScannerFinding(ctx context.Context, finding *ScannerFinding) error
	// GetFindingsForImage retrieves all findings for an image.
	GetFindingsForImage(ctx context.Context, imageID int64) ([]ScannerFinding, error)
	// GetFindingsWithDetails retrieves findings with vulnerability and EPSS data.
	GetFindingsWithDetails(ctx context.Context, imageID int64) ([]FindingWithDetails, error)

	// EPSS operations

	// UpsertEPSSScore creates or updates an EPSS score.
	UpsertEPSSScore(ctx context.Context, score *EPSSScore) error
	// GetEPSSScore retrieves an EPSS score for a CVE.
	GetEPSSScore(ctx context.Context, cveID string) (*EPSSScore, error)
	// GetCachedCVEs returns CVEs that already have cached EPSS scores.
	GetCachedCVEs(ctx context.Context, cveIDs []string) ([]string, error)
	// BulkUpsertEPSSScores inserts multiple EPSS scores in a transaction.
	BulkUpsertEPSSScores(ctx context.Context, scores []EPSSScore) error

	// Bulk persist after scan

	// PersistScanResults saves a complete scan result to the database.
	PersistScanResults(ctx context.Context, imageName, category string, result *models.ConsensusResult) (*Image, error)

	// Analysis queries

	// GetAllFindingsWithEPSS retrieves all findings with vulnerability and EPSS data.
	GetAllFindingsWithEPSS(ctx context.Context) ([]FindingWithDetails, error)

	// Management

	// Close closes the database connection.
	Close() error
	// Ping verifies the database connection.
	Ping(ctx context.Context) error
}

Store defines the interface for database operations.

type VulnerabilityRecord

// VulnerabilityRecord represents a vulnerability stored in the database.
type VulnerabilityRecord struct {
	// ID identifies the record; ScannerFinding.VulnerabilityID presumably
	// refers to it — confirm.
	ID int64 `json:"id"`

	// CVEID, Package and Version together form the natural key used by
	// GetVulnerability and, presumably, by UpsertVulnerability to decide
	// between insert and update — confirm.
	CVEID   string `json:"cve_id"`
	Package string `json:"package"`
	Version string `json:"version"`

	// Severity uses the models package's Severity type.
	Severity models.Severity `json:"severity"`

	// FixedVersion, Title and Description are optional and omitted from
	// JSON when empty.
	FixedVersion string `json:"fixed_version,omitempty"`
	Title        string `json:"title,omitempty"`
	Description  string `json:"description,omitempty"`
}

VulnerabilityRecord represents a vulnerability stored in the database.
