Skip to content

feat(vulnerability): adapt API to v13s risk-tier model #452

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ybelMekk wants to merge 17 commits into
base: main
Choose a base branch
from
Open

feat(vulnerability): adapt API to v13s risk-tier model #452

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
84e4f2f
feat: add CVE priority levels to vulnerability GraphQL API and issue …
ybelMekk May 25, 2026
260eb06
feat(vulnerability): expose CVE priority, EPSS, KEV fields in GraphQL…
ybelMekk May 28, 2026
9082c76
chore: bump v13s to v0.0.0-20260528121134-739c7136ac8e (cve-priority …
ybelMekk May 28, 2026
e6d5940
refactor: simplify toWorkloadVulnerabilitySummary — v13s now zeroes c…
ybelMekk May 28, 2026
0b44584
fix: resolve leftover go.mod/go.sum conflict markers
ybelMekk Jun 2, 2026
2cfe1ba
fix: address gosec int32 cast and update issue expectation
ybelMekk Jun 2, 2026
59d89b7
chore(deps): bump v13s api to af9d5e6
ybelMekk Jun 2, 2026
7f8080c
fix(vulnerability): adapt API to v13s risk-tier model
ybelMekk Jun 2, 2026
9c07661
test(vulnerability): cover CVE risk-tier derivation
ybelMekk Jun 2, 2026
6cf710f
feat(vulnerability): expose fixVersion on image vulnerabilities
ybelMekk Jun 2, 2026
b137ed7
fix(vulnerability): handle RISK_TIER_UNSPECIFIED in risk-tier mapping
ybelMekk Jun 3, 2026
c77ac99
feat(vulnerability): expose KEV and EPSS fields on ImageVulnerability
ybelMekk Jun 3, 2026
cb7f720
fix(vulnerability): map PRIORITY sort to cve priority order
ybelMekk Jun 3, 2026
d5f820d
chore(deps): bump v13s api after exploitable removal
ybelMekk Jun 4, 2026
e133afd
fix(vulnerability): clean enum docs and normalize fake EPSS percentile
ybelMekk Jun 4, 2026
63a3ae7
feat(vulnerability): add ransomwareCount, highEpssCount, and topRiskT…
ybelMekk Jun 9, 2026
a580717
feat(vulnerability): add riskTier field to vulnerability summaries
ybelMekk Jun 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/nais/api

go 1.26.3
go 1.26.4

tool (
github.com/99designs/gqlgen
Expand Down Expand Up @@ -44,7 +44,7 @@ require (
github.com/nais/pgrator/pkg/api v0.0.0-20260219115817-cf954d58c04e
github.com/nais/tester v0.1.1
github.com/nais/unleasherator v0.0.0-20251216221129-efebc54203fe
github.com/nais/v13s/pkg/api v0.0.0-20260528080657-d4f49e5737da
github.com/nais/v13s/pkg/api v0.0.0-20260609085403-62cd3b4768b7
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/pressly/goose/v3 v3.27.0
github.com/prometheus/client_golang v1.23.2
Expand Down Expand Up @@ -79,7 +79,7 @@ require (
golang.org/x/sync v0.20.0
golang.org/x/text v0.37.0
golang.org/x/tools v0.44.0
google.golang.org/api v0.280.0
google.golang.org/api v0.283.0
google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9
google.golang.org/grpc v1.81.1
google.golang.org/protobuf v1.36.11
Expand Down Expand Up @@ -240,7 +240,7 @@ require (
github.com/google/flatbuffers v25.12.19+incompatible // indirect
github.com/google/gnostic-models v0.7.1 // indirect
github.com/google/s2a-go v0.1.9 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.15 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.16 // indirect
github.com/googleapis/gax-go/v2 v2.22.0 // indirect
github.com/gookit/color v1.6.0 // indirect
github.com/gorilla/mux v1.8.1 // indirect
Expand Down Expand Up @@ -465,7 +465,7 @@ require (
gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
google.golang.org/genai v1.54.0 // indirect
google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20260511170946-3700d4141b60 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20260523011958-0a33c5d7ca68 // indirect
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
Expand Down
12 changes: 10 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -526,6 +526,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/enterprise-certificate-proxy v0.3.15 h1:xolVQTEXusUcAA5UgtyRLjelpFFHWlPQ4XfWGc7MBas=
github.com/googleapis/enterprise-certificate-proxy v0.3.15/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg=
github.com/googleapis/enterprise-certificate-proxy v0.3.16 h1:F/VPrx0YPBdksZJQdCAp0WUsqnNmZpUZszzfYt0M5Dw=
github.com/googleapis/enterprise-certificate-proxy v0.3.16/go.mod h1:9Yb0eAkH/Xqhvv3zbeKf/+wMJqCeocWc6KIhDvEAuYE=
github.com/googleapis/gax-go/v2 v2.22.0 h1:PjIWBpgGIVKGoCXuiCoP64altEJCj3/Ei+kSU5vlZD4=
github.com/googleapis/gax-go/v2 v2.22.0/go.mod h1:irWBbALSr0Sk3qlqb9SyJ1h68WjgeFuiOzI4Rqw5+aY=
github.com/gookit/assert v0.1.1 h1:lh3GcawXe/p+cU7ESTZ5Ui3Sm/x8JWpIis4/1aF0mY0=
Expand Down Expand Up @@ -813,8 +815,10 @@ github.com/nais/tester v0.1.1 h1:tpJ5HKpu3mEIWX/mec0Yj0xLHEpt+MwTAsj282n0Py0=
github.com/nais/tester v0.1.1/go.mod h1:NCQMcgftHz/EXorob1XwDTOqkQmImDqr51YQ2Uea9Pc=
github.com/nais/unleasherator v0.0.0-20251216221129-efebc54203fe h1:CdRVopOihru4tXVwKZjhg6C8SbPLCQYOhJKpjBZYhjg=
github.com/nais/unleasherator v0.0.0-20251216221129-efebc54203fe/go.mod h1:Tiz/1If3WgcfvNhmsO5DiQC+L+1XhBG3KWbIfbjx4EU=
github.com/nais/v13s/pkg/api v0.0.0-20260528080657-d4f49e5737da h1:59leNz7qKRctGQS6xUnPzVUqa2NnEzVlwMDAWyhUwJs=
github.com/nais/v13s/pkg/api v0.0.0-20260528080657-d4f49e5737da/go.mod h1:KBuEYLBJOFM36G7D5RAZ5oRyUv0/IOK9JCgkUS1eqqY=
github.com/nais/v13s/pkg/api v0.0.0-20260604080807-5ff2f400c716 h1:FpEOQH7TP50xuVCkkcMk+ZaSRnxhmHZmuhDVPGL56sU=
github.com/nais/v13s/pkg/api v0.0.0-20260604080807-5ff2f400c716/go.mod h1:KBuEYLBJOFM36G7D5RAZ5oRyUv0/IOK9JCgkUS1eqqY=
github.com/nais/v13s/pkg/api v0.0.0-20260609085403-62cd3b4768b7 h1:mKyZ86EL7tvEaGuY6gj0IDmdYf1cKc2ujG0jer1RVpA=
github.com/nais/v13s/pkg/api v0.0.0-20260609085403-62cd3b4768b7/go.mod h1:D1ungKHGg4t242rWJXdusLiOs6clseEezpt1o1pU4aE=
github.com/ncruces/go-sqlite3 v0.32.0 h1:hNBUXp88LrfQCsuyXLqWTbTUG35sUuktDsqhhgHvU20=
github.com/ncruces/go-sqlite3 v0.32.0/go.mod h1:MIWTK60ONDl0oVY073zYvJP21C3Dly6P9bxVpgkLwdQ=
github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
Expand Down Expand Up @@ -1418,6 +1422,8 @@ gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E
gonum.org/v1/netlib v0.0.0-20181029234149-ec6d1f5cefe6/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
google.golang.org/api v0.280.0 h1:F4OfEHZhZh6a7uTufJAXXVd/2TQ8EjM4vZH+jX/vFYk=
google.golang.org/api v0.280.0/go.mod h1:oGKmPZRDoD3vdkf6MA7F4VNkR1rxCiuaPSkhsf3EolU=
google.golang.org/api v0.283.0 h1:0lkp8u0MPwJVHqRL+nJlMAoZVVzbmiXmFHXMOTmSPik=
google.golang.org/api v0.283.0/go.mod h1:6Wssta4c5n9qHq5CBhmlai5h/PUa1djdDAIhYEHyvcM=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genai v1.54.0 h1:ZQCa70WMTJDI11FdqWCzGvZ5PanpcpfoO6jl/lrSnGU=
Expand All @@ -1432,6 +1438,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:
google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M=
google.golang.org/genproto/googleapis/rpc v0.0.0-20260511170946-3700d4141b60 h1:seT2EwLWM78plQ7wcDfuWBc/4FAEAXDDiaSol4ku4qo=
google.golang.org/genproto/googleapis/rpc v0.0.0-20260511170946-3700d4141b60/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
google.golang.org/genproto/googleapis/rpc v0.0.0-20260523011958-0a33c5d7ca68 h1:PvEgGJf9C/1u5CHkInMg7UFYYUoiaQmW2LbtH0pjB78=
google.golang.org/genproto/googleapis/rpc v0.0.0-20260523011958-0a33c5d7ca68/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
Expand Down
4 changes: 2 additions & 2 deletions integration_tests/issues_for_team.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -579,8 +579,8 @@ Test.gql("VulnerableImageIssue", function(t)
nodes = {
{
__typename = "VulnerableImageIssue",
message = "Image 'vulnerable-image' has 5 critical vulnerabilities and a risk score of 250",
severity = "WARNING",
message = "Image 'vulnerable-image' has 2 IMMEDIATE and 3 HIGH risk-tier vulnerabilities",
severity = "CRITICAL",
critical = 5,
riskScore = 250,
workload = {
Expand Down
Loading
Loading