Skip to content

Add VMware Photon Importer#2198

Open
Samk1710 wants to merge 5 commits into
aboutcode-org:mainfrom
Samk1710:add-vmware-photon-advisories
Open

Add VMware Photon Importer#2198
Samk1710 wants to merge 5 commits into
aboutcode-org:mainfrom
Samk1710:add-vmware-photon-advisories

Conversation

@Samk1710
Copy link
Copy Markdown
Contributor

@Samk1710 Samk1710 commented Mar 4, 2026
edited
Loading

Addresses:

Data Source:

Importer Logs:

python manage.py import vmware_photon_importer_v2
Importing data using vmware_photon_importer_v2
INFO 2026-03-04 17:23:55.130041 UTC Pipeline [VmwarePhotonImporterPipeline] starting
INFO 2026-03-04 17:23:55.130320 UTC Step [fetch] starting
INFO 2026-03-04 17:23:55.130450 UTC Fetching `https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon1.0.json`
INFO 2026-03-04 17:23:55.433863 UTC Fetching `https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon2.0.json`
INFO 2026-03-04 17:23:56.639570 UTC Fetching `https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon3.0.json`
INFO 2026-03-04 17:23:57.536211 UTC Fetching `https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon4.0.json`
INFO 2026-03-04 17:23:58.438806 UTC Fetching `https://packages.vmware.com/photon/photon_cve_metadata/cve_data_photon5.0.json`
INFO 2026-03-04 17:23:58.860614 UTC Fetched 131,740 total records from 5 sources
INFO 2026-03-04 17:23:58.864502 UTC Step [fetch] completed in 4 seconds
INFO 2026-03-04 17:23:58.865357 UTC Step [group_records_by_cve] starting
INFO 2026-03-04 17:23:59.008181 UTC Grouped 131,740 records into 9,756 unique CVEs (skipped 27,050 non-affected)
INFO 2026-03-04 17:23:59.008502 UTC Step [group_records_by_cve] completed in 0 seconds
INFO 2026-03-04 17:23:59.008592 UTC Step [collect_and_store_advisories] starting
INFO 2026-03-04 17:23:59.008654 UTC Collecting 9,756 advisories
INFO 2026-03-04 17:24:49.480593 UTC Progress: 10% (976/9756) ETA: 454 seconds (7.6 minutes)
INFO 2026-03-04 17:25:48.235676 UTC Progress: 20% (1952/9756) ETA: 437 seconds (7.3 minutes)
INFO 2026-03-04 17:26:36.026585 UTC Progress: 30% (2927/9756) ETA: 366 seconds (6.1 minutes)
INFO 2026-03-04 17:27:54.725572 UTC Progress: 40% (3903/9756) ETA: 354 seconds (5.9 minutes)
INFO 2026-03-04 17:28:40.586061 UTC Progress: 50% (4878/9756) ETA: 282 seconds (4.7 minutes)
INFO 2026-03-04 17:30:35.500175 UTC Progress: 60% (5854/9756) ETA: 264 seconds (4.4 minutes)
INFO 2026-03-04 17:33:35.196096 UTC Progress: 70% (6830/9756) ETA: 247 seconds (4.1 minutes)
INFO 2026-03-04 17:35:05.602894 UTC Progress: 80% (7805/9756) ETA: 167 seconds (2.8 minutes)
INFO 2026-03-04 17:36:50.326030 UTC Progress: 90% (8781/9756) ETA: 86 seconds (1.4 minutes)
INFO 2026-03-04 17:38:17.253889 UTC Progress: 100% (9756/9756)
INFO 2026-03-04 17:38:17.281977 UTC Successfully collected 9,756 advisories
INFO 2026-03-04 17:38:17.282206 UTC Step [collect_and_store_advisories] completed in 858 seconds (14.3 minutes)
INFO 2026-03-04 17:38:17.282305 UTC Pipeline completed in 862 seconds (14.4 minutes)

@Samk1710
Copy link
Copy Markdown
Contributor Author

Samk1710 commented Mar 4, 2026
edited
Loading

After discussions in the community meeting, I moved forward with https://packages.vmware.com/photon/photon_cve_metadata/ as the data source.

cve_score is verified to be CVSS3 from the corresponding NVD entry, for example:
https://nvd.nist.gov/vuln/detail/CVE-2024-43853

@ziadhany ziadhany self-requested a review March 4, 2026 21:53
ziadhany
ziadhany reviewed Mar 12, 2026
View reviewed changes
Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py Outdated
ziadhany
ziadhany requested changes Mar 15, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@ziadhany ziadhany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710, the code looks good.
See some comments below.

Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py
Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py Outdated
Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py Outdated
Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py Outdated
@Samk1710
Copy link
Copy Markdown
Contributor Author

Samk1710 commented Mar 15, 2026

@ziadhany I have implemented the changes you suggested. Do have a look when time. Thanks.

@Samk1710 Samk1710 requested a review from ziadhany March 15, 2026 17:22
@Samk1710
Copy link
Copy Markdown
Contributor Author

Samk1710 commented Apr 1, 2026

@ziadhany Can you take a look at the changes and let me know if this PR need further modifications?

ziadhany
ziadhany requested changes Apr 6, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@ziadhany ziadhany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710 The code looks good overall, just a few minor nits.

See the comments there.

Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py Outdated
Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py
Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py
Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py
Samk1710 added 5 commits April 7, 2026 15:17
@Samk1710
Add VMware Photon Importer
763eed6 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Fix repo_url
9068f65 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Fetch Photon CVE data sources dynamically from index
b3f6a50 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refactor per review
4f6d2c7 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710
Refcator and add docstring to fetch method
80eb6a6 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@Samk1710 Samk1710 force-pushed the add-vmware-photon-advisories branch from c1a2688 to 80eb6a6 Compare April 7, 2026 10:29
@Samk1710
Copy link
Copy Markdown
Contributor Author

Samk1710 commented Apr 7, 2026

@Samk1710 The code looks good overall, just a few minor nits.

See the comments there.

@ziadhany Thanks for the suggestions. I have implemented them.

@Samk1710 Samk1710 requested a review from ziadhany April 7, 2026 19:33
ziadhany
ziadhany reviewed May 11, 2026
View reviewed changes
Comment thread vulnerabilities/pipelines/v2_importers/vmware_photon_importer_v2.py
Comment on lines +27 to +38
class VmwarePhotonImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
"""Collect advisories from Vmware Photon Advisory.

Example of advisory
{
"cve_id": "CVE-2020-11979",
"pkg": "apache-ant",
"cve_score": 7.5,
"aff_ver": "all versions before 1.10.8-2.ph1 are vulnerable",
"res_ver": "1.10.8-2.ph1"
}
"""
Copy link
Copy Markdown
Collaborator

@ziadhany ziadhany May 11, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710 I think VMware updated the advisory data. See:
https://packages.broadcom.com/photon/photon_cve_metadata/cve/

Copy link
Copy Markdown
Contributor Author

@Samk1710 Samk1710 May 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710 I think VMware updated the advisory data. See: https://packages.broadcom.com/photon/photon_cve_metadata/cve/

@ziadhany Yes, the schema and endpoint have some changes. Will have to adjust and update some parts. Will surely look into it after my exams :) Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ziadhany ziadhany ziadhany requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Samk1710 @ziadhany