rhel: deprecate updater in favor of VEX updater

We can extract vulnerability information about containers from the VEX data. This negates the need to look for it in the cvemap.xml file. This change modifies the VEX updater to allow for ingesting vulnerabilities in a way that can be matched my the RHCC matcher. Signed-off-by: crozzy <[email protected]>
quay · Aug 19, 2024 · 9e580e6 · 9e580e6
1 parent daaf5fd
commit 9e580e6
Show file tree

Hide file tree

Showing 18 changed files with 3,827 additions and 918 deletions.
diff --git a/datastore/postgres/migrations/matcher/14-delete-rhcc-vulns.sql b/datastore/postgres/migrations/matcher/14-delete-rhcc-vulns.sql
@@ -0,0 +1,4 @@
+-- The rhel-vex updater will now be responsible for RHCC advisories so we have
+-- to delete the existing RHCC vulnerabilities.
+DELETE FROM update_operation WHERE updater = 'rhel-container-updater';
+DELETE FROM vuln where updater = 'rhel-container-updater';
diff --git a/datastore/postgres/migrations/migrations.go b/datastore/postgres/migrations/migrations.go
@@ -112,4 +112,8 @@ var MatcherMigrations = []migrate.Migration{
 		ID: 13,
 		Up: runFile("matcher/13-delete-rhel-oval.sql"),
 	},
+	{
+		ID: 14,
+		Up: runFile("matcher/14-delete-rhcc-vulns.sql"),
+	},
 }
diff --git a/rhel/rhcc/fetcher_test.go b/rhel/rhcc/fetcher_test.go
diff --git a/rhel/rhcc/parser_test.go b/rhel/rhcc/parser_test.go