Vulnerability Matching
The following describes a successful scan.
- Updaters have ran either in the background on an interval or an offline loader has been ran.
- A Manifest is provided to LibIndex. LibIndex fetches all the layers, runs all scanner types on each layer, persists all artifacts found in each layer, and computes an IndexReport.
- A IndexReport is provided to LibVuln.
- LibVuln creates a stream of IndexRecord structs from the IndexReport and concurrently streams these structs to each configured Matcher.
- LibVuln computes a VulnerabilityReport aggregating all vulnerabilities discovered by all configured Matcher implementations.
- Sometime later the security advisory database is updated and a new request to LibVuln will present updated vulnerability data.