Add debian legacy cache processing #117
Merged
+383
−12
Legacy debian vulnerability data has been added to the OCI debian cache for releases 7, 8, and 9. Today this processes direct output from the Enterprise Feed Service. In the future this should be modified to additionally process flat-file output from the provider itself.
This PR changes the debian provider to be able to leverage this cache and bake it into the DB. Addresses anchore/grype#1176.
The quality gate has been updated to incorporate the cache into testing.
One outstanding issue: the quality gate did not catch this to begin with, even though a representative image was under test. This will be dealt with in a follow-up PR; however, the reason for this is that the gate narrows the set of namespaces to consider to what was found in the test DB. Since the debian 7/8/9 namespaces were missing, they were considered to not be under test. A follow-up enhancement will fail the QG if no results were found at all (regardless of the relative comparison / label results).
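The gap described in the PR description above, as an added sketch that is not part of the PR or the project's quality-gate code: narrowing the comparison to namespaces present in the test DB lets a missing namespace pass silently, and an empty-result check closes that hole. The `Match` type, the `gate` function, the `fail_on_empty` flag, the image name, the namespace strings and the vulnerability ID are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Match:
    image: str       # image under test (constructed name)
    namespace: str   # vulnerability namespace the match came from
    vuln_id: str     # placeholder ID, not a real CVE


def gate(reference, candidate, db_namespaces, fail_on_empty=False):
    """Compare candidate matches to reference matches; return (passed, reason).

    Both sides are first narrowed to namespaces present in the test DB,
    which is the behaviour the PR description identifies as the blind spot.
    """
    active = set(db_namespaces)
    ref = {m for m in reference if m.namespace in active}
    cand = {m for m in candidate if m.namespace in active}
    # Assumed form of the follow-up enhancement: an empty result set fails
    # regardless of how the relative comparison turns out.
    if fail_on_empty and not cand:
        return False, "no results found at all"
    missing = ref - cand
    if missing:
        return False, f"{len(missing)} reference match(es) missing"
    return True, "ok"


# Constructed sample data: one labelled match for a Debian 8 image.
REFERENCE = [Match("example/debian8-image", "debian:distro:debian:8", "CVE-0000-0001")]
DB_WITHOUT_LEGACY = {"debian:distro:debian:10", "debian:distro:debian:11"}
DB_WITH_LEGACY = DB_WITHOUT_LEGACY | {"debian:distro:debian:8"}


def demo():
    return {
        # Namespace absent from the DB: reference is filtered away, gate passes.
        "silent_pass": gate(REFERENCE, [], DB_WITHOUT_LEGACY),
        # Same inputs with the empty-result check: gate fails.
        "empty_check": gate(REFERENCE, [], DB_WITHOUT_LEGACY, fail_on_empty=True),
        # Namespace present but the scanner finds nothing: relative check fails.
        "regression": gate(REFERENCE, [], DB_WITH_LEGACY),
        # Namespace present and matches found: gate passes.
        "fixed": gate(REFERENCE, list(REFERENCE), DB_WITH_LEGACY, fail_on_empty=True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```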