feat: Add Go module and workspace test fixtures

- Created expected JSON files for Go modules and workspaces. - Added go.mod and go.sum files for example projects. - Implemented private module structure with expected JSON output. - Introduced vendored dependencies with corresponding expected JSON. - Developed PostgresGraphJobStore for managing graph jobs. - Established SQL migration scripts for graph jobs schema. - Implemented GraphJobRepository for CRUD operations on graph jobs. - Created IGraphJobRepository interface for repository abstraction. - Added unit tests for GraphJobRepository to ensure functionality.
2025-12-06 20:04:03 +02:00
parent a6f1406509
commit 05597616d6
178 changed files with 12022 additions and 4545 deletions
--- a/docs/schemas/advisory-key.schema.json
+++ b/docs/schemas/advisory-key.schema.json
@@ -0,0 +1,134 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://stellaops.io/schemas/advisory-key.v1.json",
+  "title": "AdvisoryKey",
+  "description": "Canonical advisory key for vulnerability correlation across VEX observations, policy findings, and risk assessments",
+  "type": "object",
+  "required": ["advisoryKey", "scope", "links"],
+  "additionalProperties": false,
+  "properties": {
+    "advisoryKey": {
+      "type": "string",
+      "description": "The canonical advisory key used for correlation and storage. CVE identifiers remain unchanged; non-CVE identifiers are prefixed with scope indicator (ECO:, VND:, DST:, UNK:)",
+      "examples": ["CVE-2024-1234", "ECO:GHSA-XXXX-XXXX-XXXX", "VND:RHSA-2024:1234"]
+    },
+    "scope": {
+      "$ref": "#/$defs/AdvisoryScope"
+    },
+    "links": {
+      "type": "array",
+      "description": "Original and alias identifiers preserved for traceability",
+      "items": {
+        "$ref": "#/$defs/AdvisoryLink"
+      },
+      "minItems": 1
+    }
+  },
+  "$defs": {
+    "AdvisoryScope": {
+      "type": "string",
+      "description": "The scope/authority level of the advisory",
+      "enum": ["global", "ecosystem", "vendor", "distribution", "unknown"],
+      "x-enum-descriptions": {
+        "global": "Global identifiers (CVE)",
+        "ecosystem": "Ecosystem-specific identifiers (GHSA)",
+        "vendor": "Vendor-specific identifiers (RHSA, MSRC, ADV)",
+        "distribution": "Distribution-specific identifiers (DSA, USN)",
+        "unknown": "Unclassified or custom identifiers"
+      }
+    },
+    "AdvisoryLink": {
+      "type": "object",
+      "description": "A link to an original or alias advisory identifier",
+      "required": ["identifier", "type", "isOriginal"],
+      "additionalProperties": false,
+      "properties": {
+        "identifier": {
+          "type": "string",
+          "description": "The advisory identifier value",
+          "examples": ["CVE-2024-1234", "GHSA-xxxx-xxxx-xxxx", "RHSA-2024:1234"]
+        },
+        "type": {
+          "$ref": "#/$defs/AdvisoryType"
+        },
+        "isOriginal": {
+          "type": "boolean",
+          "description": "True if this is the original identifier provided at ingest time"
+        }
+      }
+    },
+    "AdvisoryType": {
+      "type": "string",
+      "description": "The type of advisory identifier",
+      "enum": ["cve", "ghsa", "rhsa", "dsa", "usn", "msrc", "other"],
+      "x-enum-descriptions": {
+        "cve": "Common Vulnerabilities and Exposures (CVE-YYYY-NNNNN)",
+        "ghsa": "GitHub Security Advisory (GHSA-xxxx-xxxx-xxxx)",
+        "rhsa": "Red Hat Security Advisory (RHSA-YYYY:NNNN)",
+        "dsa": "Debian Security Advisory (DSA-NNNN-N)",
+        "usn": "Ubuntu Security Notice (USN-NNNN-N)",
+        "msrc": "Microsoft Security Response Center (ADV-YYYY-NNNN)",
+        "other": "Custom or unrecognized identifier format"
+      }
+    },
+    "AdvisoryIdentifierPattern": {
+      "type": "object",
+      "description": "Patterns for recognizing advisory identifier formats",
+      "properties": {
+        "cve": {
+          "type": "string",
+          "const": "^CVE-\\d{4}-\\d{4,}$"
+        },
+        "ghsa": {
+          "type": "string",
+          "const": "^GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}$"
+        },
+        "rhsa": {
+          "type": "string",
+          "const": "^RH[A-Z]{2}-\\d{4}:\\d+$"
+        },
+        "dsa": {
+          "type": "string",
+          "const": "^DSA-\\d+(-\\d+)?$"
+        },
+        "usn": {
+          "type": "string",
+          "const": "^USN-\\d+(-\\d+)?$"
+        },
+        "msrc": {
+          "type": "string",
+          "const": "^(ADV|CVE)-\\d{4}-\\d+$"
+        }
+      }
+    }
+  },
+  "examples": [
+    {
+      "advisoryKey": "CVE-2024-1234",
+      "scope": "global",
+      "links": [
+        {
+          "identifier": "CVE-2024-1234",
+          "type": "cve",
+          "isOriginal": true
+        },
+        {
+          "identifier": "GHSA-xxxx-xxxx-xxxx",
+          "type": "ghsa",
+          "isOriginal": false
+        }
+      ]
+    },
+    {
+      "advisoryKey": "ECO:GHSA-XXXX-XXXX-XXXX",
+      "scope": "ecosystem",
+      "links": [
+        {
+          "identifier": "GHSA-xxxx-xxxx-xxxx",
+          "type": "ghsa",
+          "isOriginal": true
+        }
+      ]
+    }
+  ]
+}