vulnera_advisor/
lib.rs

1//! # Vulnera Advisors
2//!
3//! A Rust library for aggregating and querying security vulnerability advisories
4//! from multiple sources including GitHub Security Advisories (GHSA), NIST NVD,
5//! and Google OSV.
6//!
7//! ## Features
8//!
9//! - **Multi-source aggregation**: Fetch from GHSA, NVD, OSV, CISA KEV, and OSS Index
10//! - **Unified data model**: All sources are normalized to a common Advisory format
11//! - **Enrichment**: EPSS scores and KEV status for prioritization
12//! - **Efficient storage**: Redis/DragonflyDB with zstd compression
13//! - **Flexible matching**: SemVer and ecosystem-specific version matching
14//!
15//! ## Quick Start
16//!
17//! ```rust,ignore
18//! use vulnera_advisors::{VulnerabilityManager, Config};
19//!
20//! #[tokio::main]
21//! async fn main() -> Result<(), Box<dyn std::error::Error>> {
22//!     // Load config from environment
23//!     let config = Config::from_env()?;
24//!     let manager = VulnerabilityManager::new(config).await?;
25//!
26//!     // Sync advisories from all sources
27//!     manager.sync_all().await?;
28//!
29//!     // Query vulnerabilities for a package
30//!     let advisories = manager.query("npm", "lodash").await?;
31//!
32//!     // Check if a specific version is affected
33//!     let affected = manager.matches("npm", "lodash", "4.17.20").await?;
34//!
35//!     Ok(())
36//! }
37//! ```
38//!
39//! ## Builder Pattern
40//!
41//! For more control over configuration:
42//!
43//! ```rust,ignore
44//! use vulnera_advisors::VulnerabilityManager;
45//!
46//! let manager = VulnerabilityManager::builder()
47//!     .redis_url("redis://localhost:6379")
48//!     .with_osv_defaults()
49//!     .with_nvd(Some("your-api-key".to_string()))
50//!     .with_ghsa("your-github-token".to_string())
51//!     .build()?;
52//! ```
53
54pub mod aggregator;
55pub mod config;
56pub mod error;
57pub mod manager;
58pub mod models;
59pub mod purl;
60pub mod sources;
61pub mod store;
62
63// Re-export main types
64pub use config::{Config, NvdConfig, OssIndexConfig, StoreConfig};
65pub use error::{AdvisoryError, Result};
66pub use manager::{MatchOptions, PackageKey, VulnerabilityManager, VulnerabilityManagerBuilder};
67pub use models::{
68    Advisory, Affected, Enrichment, Event, Package, Range, RangeType, Reference, ReferenceType,
69    Severity,
70};
71pub use store::{AdvisoryStore, DragonflyStore, EnrichmentData, HealthStatus, OssIndexCache};
72
73// Re-export PURL helper
74pub use purl::{KNOWN_ECOSYSTEMS, Purl, PurlError, purl, purls_from_packages, purls_to_strings};
75
76// Re-export source types
77pub use sources::{
78    AdvisorySource,
79    epss::{EpssScore, EpssSource},
80    ghsa::GHSASource,
81    kev::{KevEntry, KevSource},
82    nvd::NVDSource,
83    ossindex::{ComponentReport, OssIndexSource, OssVulnerability},
84    osv::OSVSource,
85};