localmatcher

package

v2.3.2 Latest Latest Go to latest Published: Jan 15, 2026 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/google/osv-scanner

Links

Open Source Insights

Documentation ¶

Overview ¶

Package localmatcher implements a vulnerability matcher that uses a local database downloaded from osv.dev's export bucket.

Index ¶

Variables
func VulnerabilitiesAffectingPackage(allVulns []*osvschema.Vulnerability, pkg imodels.PackageInfo) []*osvschema.Vulnerability
type LocalMatcher
- func NewLocalMatcher(localDBPath string, userAgent string, downloadDB bool) (*LocalMatcher, error)
- func (matcher *LocalMatcher) LoadEcosystem(ctx context.Context, eco osvecosystem.Parsed) error
- func (matcher *LocalMatcher) MatchVulnerabilities(ctx context.Context, invs []*extractor.Package) ([][]*osvschema.Vulnerability, error)
type ZipDB
- func NewZippedDB(ctx context.Context, dbBasePath, name, url, userAgent string, offline bool, ...) (*ZipDB, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrOfflineDatabaseNotFound = errors.New("no offline version of the OSV database is available")

Functions ¶

func VulnerabilitiesAffectingPackage ¶

func VulnerabilitiesAffectingPackage(allVulns []*osvschema.Vulnerability, pkg imodels.PackageInfo) []*osvschema.Vulnerability

VulnerabilitiesAffectingPackage returns the vulnerabilities that affects the provided package

TODO: Move this to another file.

Types ¶

type LocalMatcher ¶

type LocalMatcher struct {
	// contains filtered or unexported fields
}

LocalMatcher implements the VulnerabilityMatcher interface by downloading the osv export zip files, and performing the matching locally.

func NewLocalMatcher ¶

func NewLocalMatcher(localDBPath string, userAgent string, downloadDB bool) (*LocalMatcher, error)

func (*LocalMatcher) LoadEcosystem ¶

func (matcher *LocalMatcher) LoadEcosystem(ctx context.Context, eco osvecosystem.Parsed) error

LoadEcosystem tries to preload the ecosystem into the cache, and returns an error if the ecosystem cannot be loaded.

Preloaded databases include every advisory, so can be reused.

func (*LocalMatcher) MatchVulnerabilities ¶

func (matcher *LocalMatcher) MatchVulnerabilities(ctx context.Context, invs []*extractor.Package) ([][]*osvschema.Vulnerability, error)

type ZipDB ¶

type ZipDB struct {
	// the name of the database
	Name string
	// the url that the zip archive was downloaded from
	ArchiveURL string
	// whether this database should make any network requests
	Offline bool
	// the path to the zip archive on disk
	StoredAt string
	// the vulnerabilities that are loaded into this database
	Vulnerabilities []*osvschema.Vulnerability
	// User agent to query with
	UserAgent string

	// whether this database only has some of the advisories
	// loaded from the underlying zip file
	Partial bool
}

func NewZippedDB ¶

func NewZippedDB(ctx context.Context, dbBasePath, name, url, userAgent string, offline bool, invs []*extractor.Package) (*ZipDB, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL