Vulnerability Matching
The following describes a successful scan.
- Updaters have ran either in the background on an interval or an offline loader has been ran.
- A Manifest is provided to Libindex. Libindex fetches all the layers, runs all scanner types on each layer, persists all artifacts found in each layer, and computes an IndexReport.
- A IndexReport is provided to Libvuln.
- Libvuln creates a stream of IndexRecord structs from the IndexReport and concurrently streams these structs to each configured Matcher.
- Libvuln computes a VulnerabilityReport aggregating all vulnerabilities discovered by all configured Matcher implementations.
- Sometime later the security advisory database is updated and a new request to Libvuln will present updated vulnerability data.