Vulnerability Matching

The following describes a successful scan.

  1. Updaters have ran either in the background on an interval or an offline loader has been ran.
  2. A Manifest is provided to Libindex. Libindex fetches all the layers, runs all scanner types on each layer, persists all artifacts found in each layer, and computes an IndexReport.
  3. A IndexReport is provided to Libvuln.
  4. Libvuln creates a stream of IndexRecord structs from the IndexReport and concurrently streams these structs to each configured Matcher.
  5. Libvuln computes a VulnerabilityReport aggregating all vulnerabilities discovered by all configured Matcher implementations.
  6. Sometime later the security advisory database is updated and a new request to Libvuln will present updated vulnerability data.