pub struct VulnerabilityManager { /* private fields */ }
Main vulnerability manager for syncing and querying advisories.
Implementations§
impl VulnerabilityManager
pub async fn new(config: Config) -> Result<Self>
Create a new manager from a Config.
This is a convenience method. For more control, use VulnerabilityManagerBuilder.
pub fn builder() -> VulnerabilityManagerBuilder
Create a builder for custom configuration.
pub fn store(&self) -> &Arc<dyn AdvisoryStore + Send + Sync>
Get a reference to the underlying store.
pub async fn health_check(&self) -> Result<HealthStatus>
Check the health of the store connection.
pub async fn reset_sync(&self, source: &str) -> Result<()>
Reset the sync timestamp for a specific source.
This forces a full re-sync on the next sync_all() call.
pub async fn reset_all_syncs(&self) -> Result<()>
Reset all sync timestamps, forcing a full re-sync of all sources.
pub async fn sync_enrichment(&self) -> Result<()>
Sync enrichment data (KEV and EPSS).
pub async fn sync_enrichment_with_cves( &self, extra_cves: &[String], ) -> Result<()>
Sync enrichment data with optional extra CVE IDs to broaden EPSS coverage.
pub async fn query( &self, ecosystem: &str, package: &str, ) -> Result<Vec<Advisory>>
Query advisories for a specific package.
pub async fn query_enriched( &self, ecosystem: &str, package: &str, ) -> Result<Vec<Advisory>>
Query advisories with enrichment data.
pub async fn query_batch( &self, packages: &[PackageKey], ) -> Result<HashMap<PackageKey, Vec<Advisory>>>
Query multiple packages in a batch (concurrent).
All queries run in parallel for maximum throughput.
pub async fn matches( &self, ecosystem: &str, package: &str, version: &str, ) -> Result<Vec<Advisory>>
Check if a specific package version is affected by any vulnerabilities.
pub async fn matches_with_options( &self, ecosystem: &str, package: &str, version: &str, options: &MatchOptions, ) -> Result<Vec<Advisory>>
Check if a package version is affected, with filtering options.
pub async fn fetch_epss_scores( &self, cve_ids: &[&str], ) -> Result<HashMap<String, f64>>
Fetch live EPSS scores for CVEs (not from cache).
pub async fn is_kev(&self, cve_id: &str) -> Result<bool>
Check if a CVE is in the CISA KEV catalog.
pub async fn query_ossindex(&self, purls: &[String]) -> Result<Vec<Advisory>>
Query OSS Index for vulnerabilities affecting the given PURLs.
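This method provides automatic caching:
- First checks the cache for each PURL
- Only queries OSS Index for cache misses
- Caches results for future queries
Because cache hits are returned without contacting OSS Index, an advisory published after a PURL was cached will not appear until that entry is refreshed. Use invalidate_ossindex_cache or invalidate_all_ossindex_cache to force a fresh query.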
§Arguments
- `purls` - Package URLs to query (e.g., "pkg:npm/lodash@4.17.20")
§Returns
Vector of advisories for all vulnerabilities found.
§Errors
Returns an error if OSS Index is not configured or if the query fails.
§Example
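use vulnera_advisors::{VulnerabilityManager, Purl};

// Example URL only: `redis://localhost:6379` is plaintext and carries no
// credentials, which suits a local development Redis. This instance
// presumably backs the manager's stored advisories and cache, so a shared or
// remote deployment should use TLS (`rediss://`, where the Redis client
// supports it) and authentication.
let manager = VulnerabilityManager::builder()
    .redis_url("redis://localhost:6379")
    // NOTE(review): `None` presumably selects the default OSS Index
    // configuration; confirm against VulnerabilityManagerBuilder.
    .with_ossindex(None)
    .build()?;

// OSS Index is queried by Package URL; the version is carried inside the PURL.
let purls = vec![
    Purl::new("npm", "lodash").with_version("4.17.20").to_string(),
];

// PURLs already cached are answered from the cache; only misses reach OSS Index.
let advisories = manager.query_ossindex(&purls).await?;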
pub async fn query_batch_with_ossindex( &self, packages: &[PackageKey], ) -> Result<HashMap<PackageKey, Vec<Advisory>>>
Query OSS Index for vulnerabilities with fallback to stored advisories.
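This method first queries OSS Index, then falls back to the local store if the OSS Index query fails or returns no results. Because the fallback also covers a failed OSS Index query, a successful return does not by itself show that OSS Index was reached; the advisories may come only from data already synced into the local store.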
§Arguments
- `packages` - List of packages to query (ecosystem, name, optional version)
§Returns
Map of package keys to their advisories.
pub async fn invalidate_ossindex_cache(&self, purls: &[String]) -> Result<()>
Invalidate cached OSS Index results for specific PURLs.
Use this to force a fresh query on the next call.
pub async fn invalidate_all_ossindex_cache(&self) -> Result<()>
Invalidate all cached OSS Index results.
pub async fn suggest_remediation( &self, ecosystem: &str, package: &str, current_version: &str, ) -> Result<Remediation>
Get remediation suggestions for a vulnerable package.
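This method checks if the specified version is vulnerable, and if so, suggests the nearest and latest safe versions based on fixed versions declared in the advisories. The suggestions are therefore only as complete as the advisory data available to the manager when it is called.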
§Arguments
- `ecosystem` - Package ecosystem (e.g., "npm", "pypi")
- `package` - Package name
- `current_version` - Current version to analyze
§Returns
A `Remediation` containing safe version suggestions and upgrade impact.
§Example
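use vulnera_advisors::VulnerabilityManager;

// `manager` is assumed to be an already-built VulnerabilityManager.
let remediation = manager.suggest_remediation("npm", "lodash", "4.17.20").await?;

// `nearest_safe` is optional: nothing is printed when no nearest safe version
// is available in the result.
if let Some(nearest) = remediation.nearest_safe {
    println!("Upgrade to {} ({:?} impact)", nearest, remediation.upgrade_impact);
}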
pub async fn suggest_remediation_with_registry( &self, ecosystem: &str, package: &str, current_version: &str, registry: &dyn VersionRegistry, ) -> Result<Remediation>
Get remediation suggestions with registry lookup for all available versions.
This is an enhanced version of `suggest_remediation` that fetches
available versions from package registries to provide more complete
upgrade suggestions.
§Arguments
- `ecosystem` - Package ecosystem (e.g., "npm", "pypi")
- `package` - Package name
- `current_version` - Current version to analyze
- `registry` - A version registry implementation to fetch available versions
§Returns
A `crate::remediation::Remediation` containing safe version suggestions from the full version list.
§Example
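use vulnera_advisors::{VulnerabilityManager, PackageRegistry};

// Registry client used to fetch the available versions of the package, so the
// suggestion is not limited to the fixed versions named in advisories.
let registry = PackageRegistry::new();

// `manager` is assumed to be an already-built VulnerabilityManager. The
// registry is passed by reference, matching the `&dyn VersionRegistry` parameter.
let remediation = manager
    .suggest_remediation_with_registry("npm", "lodash", "4.17.20", &registry)
    .await?;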