Crate vulnera_advisor

§Vulnera Advisors

A Rust library for aggregating and querying security vulnerability advisories from multiple sources including GitHub Security Advisories (GHSA), NIST NVD, and Google OSV.

§Features

  • Multi-source aggregation: Fetch from GHSA, NVD, OSV, CISA KEV, and OSS Index
  • Unified data model: All sources are normalized to a common Advisory format
  • Enrichment: EPSS scores and KEV status for prioritization
  • Efficient storage: Redis/DragonflyDB with zstd compression
  • Flexible matching: SemVer and ecosystem-specific version matching

§Quick Start

use vulnera_advisors::{VulnerabilityManager, Config};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Load config from environment
    let config = Config::from_env()?;
    let manager = VulnerabilityManager::new(config).await?;

    // Sync advisories from all sources
    manager.sync_all().await?;

    // Query vulnerabilities for a package
    let advisories = manager.query("npm", "lodash").await?;

    // Check if a specific version is affected
    let affected = manager.matches("npm", "lodash", "4.17.20").await?;

    Ok(())
}

§Builder Pattern

For more control over configuration:

use vulnera_advisors::VulnerabilityManager;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // The API key and token below are placeholders; load real credentials
    // from the environment (as in the Quick Start) rather than hard-coding them.
    let manager = VulnerabilityManager::builder()
        .redis_url("redis://localhost:6379")
        .with_osv_defaults()
        .with_nvd(Some("your-api-key".to_string()))
        .with_ghsa("your-github-token".to_string())
        .build()?;
    Ok(())
}
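As an added illustration, not the crate's own code, of the version-range semantics behind a check like `manager.matches("npm", "lodash", "4.17.20")`: the `SemVer`, `RangeEvent` and `is_affected` names below are hypothetical and implement the OSV schema's introduced/fixed/last_affected event rules in plain Rust without the crate, and the lodash range used in `main` is constructed sample data.

```rust
/// Minimal "MAJOR.MINOR.PATCH" version; derived ordering compares the fields
/// lexicographically, which is what SemVer requires for release versions.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct SemVer(pub u64, pub u64, pub u64);

impl SemVer {
    /// Parse "1.2.3" or "v1.2.3"; pre-release and build metadata are rejected.
    pub fn parse(s: &str) -> Option<SemVer> {
        let mut parts = s.trim().trim_start_matches('v').split('.');
        let major = parts.next()?.parse().ok()?;
        let minor = parts.next()?.parse().ok()?;
        let patch = parts.next()?.parse().ok()?;
        if parts.next().is_some() {
            return None;
        }
        Some(SemVer(major, minor, patch))
    }
}

/// One event of an OSV-style range (hypothetical type, mirrors the schema
/// rather than the crate's `Event`). Events are expected in ascending order.
#[derive(Debug, Clone)]
pub enum RangeEvent {
    Introduced(SemVer),
    Fixed(SemVer),        // exclusive upper bound
    LastAffected(SemVer), // inclusive upper bound
}

/// Walk the sorted events and keep the state set by the last event at or
/// below `version`: affected inside [introduced, fixed) or
/// [introduced, last_affected], not affected otherwise.
pub fn is_affected(events: &[RangeEvent], version: SemVer) -> bool {
    let mut affected = false;
    for ev in events {
        match ev {
            RangeEvent::Introduced(v) if *v <= version => affected = true,
            RangeEvent::Fixed(v) if *v <= version => affected = false,
            RangeEvent::LastAffected(v) if *v < version => affected = false,
            _ => {} // event lies above the version being checked
        }
    }
    affected
}

fn main() {
    // Constructed sample range: every release before 4.17.21 is affected.
    let lodash = [
        RangeEvent::Introduced(SemVer(0, 0, 0)),
        RangeEvent::Fixed(SemVer(4, 17, 21)),
    ];
    let v = SemVer::parse("4.17.20").expect("valid semver");
    println!("lodash {:?} affected: {}", v, is_affected(&lodash, v));
}
```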

Re-exports§

pub use config::Config;
pub use config::NvdConfig;
pub use config::OssIndexConfig;
pub use config::StoreConfig;
pub use error::AdvisoryError;
pub use error::Result;
pub use manager::MatchOptions;
pub use manager::PackageKey;
pub use manager::VulnerabilityManager;
pub use manager::VulnerabilityManagerBuilder;
pub use models::Advisory;
pub use models::Affected;
pub use models::Enrichment;
pub use models::Event;
pub use models::Package;
pub use models::Range;
pub use models::RangeType;
pub use models::Reference;
pub use models::ReferenceType;
pub use models::Severity;
pub use store::AdvisoryStore;
pub use store::DragonflyStore;
pub use store::EnrichmentData;
pub use store::HealthStatus;
pub use store::OssIndexCache;
pub use purl::KNOWN_ECOSYSTEMS;
pub use purl::Purl;
pub use purl::PurlError;
pub use purl::purl;
pub use purl::purls_from_packages;
pub use purl::purls_to_strings;
pub use sources::AdvisorySource;
pub use sources::epss::EpssScore;
pub use sources::epss::EpssSource;
pub use sources::ghsa::GHSASource;
pub use sources::kev::KevEntry;
pub use sources::kev::KevSource;
pub use sources::nvd::NVDSource;
pub use sources::ossindex::ComponentReport;
pub use sources::ossindex::OssIndexSource;
pub use sources::ossindex::OssVulnerability;
pub use sources::osv::OSVSource;

Modules§

  • aggregator: Advisory aggregation and deduplication.
  • config: Configuration types for the vulnera-advisors crate.
  • error: Error types for the vulnera-advisors crate.
  • manager: Vulnerability manager for orchestrating syncs and queries.
  • models: Core data models for vulnerability advisories.
  • purl: Package URL (PURL) builder and parser.
  • sources: Vulnerability data sources.
  • store: Storage backends for advisory data.