efe2e7a to 82f4983
Pull request overview
This PR removes the legacy go-kev-backed KEVuln pipeline and shifts KEV enrichment to the vuls2 DB-based enrichment flow, including new fixtures/tests to validate CISA KEV and VulnCheck KEV mapping.
Changes:
- Removed `go-kev` integration: config (`KEVulnConf`), TOML template output, validation hooks, and the `detector/kevuln.go` implementation.
- Added vuls2 enrichment step to backfill vulnerability content (e.g., RedHat API data) and KEV data (CISA/VulnCheck) from the vuls2 DB.
- Updated module/dependency metadata and Dependabot ignore lists; added enrichment fixtures + unit tests.
Reviewed changes
Copilot reviewed 24 out of 25 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| `subcmds/server.go` | Drops KEVuln config init and removes KEVuln from DB validation call. |
| `subcmds/report.go` | Drops KEVuln config init. |
| `subcmds/report_windows.go` | Drops KEVuln config init for Windows report subcommand. |
| `subcmds/discover.go` | Removes `[kevuln]` section from generated TOML template output. |
| `server/server.go` | Removes gost RedHat fill and KEVuln fill from server-mode enrichment path. |
| `go.sum` | Removes go-kev hashes and updates other transitive deps. |
| `go.mod` | Removes go-kev, updates indirect deps, and adds a `replace` for vuls-data-update. |
| `detector/vuls2/vuls2.go` | Adds `enrich(...)` stage to pull non-detecting source content + KEV data from vuls2 DB. |
| `detector/vuls2/vuls2_test.go` | Adds unit tests validating enrichment for RedHat API + CISA/VulnCheck KEV. |
| `detector/vuls2/vendor.go` | Adds KEV mapping helpers + enrichment CVSS extraction and RedHatAPI source link handling. |
| `detector/vuls2/testdata/fixtures/enrich/vulncheck-kev/datasource.json` | Adds datasource fixture for VulnCheck KEV. |
| `detector/vuls2/testdata/fixtures/enrich/vulncheck-kev/data/2021/CVE-2021-30713.json` | Adds VulnCheck KEV vulnerability fixture. |
| `detector/vuls2/testdata/fixtures/enrich/redhat-cve/datasource.json` | Adds datasource fixture for RedHat CVE API. |
| `detector/vuls2/testdata/fixtures/enrich/redhat-cve/data/CVE-2024-1102.json` | Adds RedHat CVE API vulnerability fixture. |
| `detector/vuls2/testdata/fixtures/enrich/cisa-kev/datasource.json` | Adds datasource fixture for CISA KEV. |
| `detector/vuls2/testdata/fixtures/enrich/cisa-kev/data/2022/CVE-2022-21971.json` | Adds CISA KEV vulnerability fixture. |
| `detector/vuls2/internal/test/test.go` | Adds helper to populate a vuls2 DB from fixtures for unit tests. |
| `detector/vuls2/export_test.go` | Exposes `enrich` via `Enrich` for external-package tests. |
| `detector/util.go` | Removes KEVuln DB validation from `ValidateDBs`. |
| `detector/kevuln.go` | Deletes the go-kev-backed KEV enrichment implementation. |
| `detector/detector.go` | Removes gost RedHat fill and KEVuln fill from the generic detect/report pipeline. |
| `config/vulnDictConf.go` | Removes `KEVulnConf` type and env/config initialization. |
| `config/tomlloader.go` | Drops `Conf.KEVuln` from init list. |
| `config/config.go` | Removes KEVuln from config struct and validation list. |
| `.github/dependabot.yml` | Removes go-kev from ignore list. |
Comments suppressed due to low confidence (1)
server/server.go:93
- Server mode no longer calls any KEV enrichment after detection. For Linux this may be covered by vuls2 enrichment, but Windows detection still uses gost (DetectPkgCves) and will now miss KEV data. Consider adding a vuls2-backed KEV enrichment step for Windows/non-vuls2 paths (or documenting the behavior change).
```go
nMetasploitCve, err := detector.FillWithMetasploit(&r, config.Conf.Metasploit, config.Conf.LogOpts)
if err != nil {
	logging.Log.Errorf("Failed to fill with metasploit: %+v", err)
	http.Error(w, err.Error(), http.StatusServiceUnavailable)
}
logging.Log.Infof("%s: %d exploits are detected", r.FormatServerName(), nMetasploitCve)
if err := detector.FillWithCTI(&r, config.Conf.Cti, config.Conf.LogOpts); err != nil {
	logging.Log.Errorf("Failed to fill with Cyber Threat Intelligences: %+v", err)
	http.Error(w, err.Error(), http.StatusServiceUnavailable)
}
```
f770348 to a169fb5
a169fb5 to a3d00ea
a3d00ea to c7c7129
Pull request overview
Copilot reviewed 24 out of 25 changed files in this pull request and generated 1 comment.
c7c7129 to b676e8b
Pull request overview
Copilot reviewed 25 out of 26 changed files in this pull request and generated 3 comments.
Remove go-kev dependency and replace KEVuln detection with vuls2-based KEV enrichment pipeline supporting CISA, VulnCheck, and ENISA KEV.

- Remove detector/kevuln.go and all FillWithKEVuln call sites
- Remove KEVulnConf from config, TOML template, and subcmds
- Add enrichVulnerabilities() and enrichAdvisories() in vendor.go with explicit sourceID switch for each data source
- Add enrichVulnerabilityKEV() for CISA/VulnCheck KEV (vulnerability-based)
- Add enrichAdvisoryKEV() for ENISA KEV (advisory-based)
- Add enrichRedHatCVE() extracted from inline enrich() logic
- Use GetVulnerabilityDataByVulnerabilityID for unified vuln+advisory lookup
- Add ENISAKEVType and ENISAKEV struct to models
- Add unit tests for CISA, VulnCheck, and ENISA KEV enrichment
- Remove go-kev from dependabot.yml

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
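An added sketch of the dispatch design the commit message describes, not code from this pull request: an explicit switch on the source ID routes vulnerability-based KEV records (CISA, VulnCheck) and advisory-based ones (ENISA) differently, never creates findings from enrichment data, and reports unknown sources. The `KEV` and `Record` types, the function names, the `enisa-kev` and `other-feed` source IDs, and the sample rows are assumptions made for illustration.

```go
package main

import "fmt"

// Hypothetical stand-ins for illustration; not the vuls or vuls2 types.
type KEV struct{ Source, CVEID string }

// Record is a constructed DB row. Vulnerability-based sources set CVEID;
// advisory-based sources set AdvisoryID and the CVEs the advisory references.
type Record struct {
	SourceID, CVEID, AdvisoryID string
	RefCVEs                     []string
}

// Enrich attaches KEV entries to CVEs that detection already found and
// returns the source IDs it refused to interpret.
func Enrich(detected map[string][]KEV, recs []Record) (skipped []string) {
	add := func(src, cve string) {
		if _, ok := detected[cve]; ok { // enrichment never creates findings
			detected[cve] = append(detected[cve], KEV{src, cve})
		}
	}
	for _, r := range recs {
		switch r.SourceID {
		case "cisa-kev", "vulncheck-kev": // vulnerability-based
			add(r.SourceID, r.CVEID)
		case "enisa-kev": // advisory-based (source ID assumed)
			for _, cve := range r.RefCVEs {
				add(r.SourceID, cve)
			}
		default: // unknown source: surface it instead of guessing its shape
			skipped = append(skipped, r.SourceID)
		}
	}
	return skipped
}

// SampleRecords is constructed input; the first two CVE IDs are fixture names on the page.
func SampleRecords() []Record {
	return []Record{
		{SourceID: "cisa-kev", CVEID: "CVE-2022-21971"},
		{SourceID: "vulncheck-kev", CVEID: "CVE-2021-30713"},
		{SourceID: "enisa-kev", AdvisoryID: "ADV-EXAMPLE-1", RefCVEs: []string{"CVE-2022-21971", "CVE-0000-0001"}},
		{SourceID: "other-feed", CVEID: "CVE-2021-30713"},
	}
}

func main() {
	detected := map[string][]KEV{"CVE-2022-21971": nil, "CVE-2021-30713": nil}
	fmt.Println(Enrich(detected, SampleRecords()), detected)
}
```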
b676e8b to 7961dee
Pull request overview
Copilot reviewed 25 out of 26 changed files in this pull request and generated 1 comment.
What did you implement:
Remove go-kev dependency and replace KEVuln detection with vuls2-based
KEV enrichment pipeline supporting CISA, VulnCheck, and ENISA KEV.
with explicit sourceID switch for each data source
Type of change
How Has This Been Tested?
unit test
Checklist:
You don't have to satisfy all of the following.
- make fmt
- make test

Is this ready for review?: YES
Reference