Implement RDMS backend (postgres/mysql/sqlite) (guacsec#910)
* Init Artifact and Ent backend
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Configure backend
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Change ID type to Int
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Correct model transform for ID
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement BuilderNode
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fix transaction implementation to actually use tx
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add package (node) schema
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add PackageNamespace schema
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add PackageName schema
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add PackageVersions
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Document how to generate ent nodes
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add test suite helper for working with sql tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add IngestPackage and tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Generate Ent nodes for Package, NS, Names, and Versions
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add upsert support for software tree
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Ensure only two versions were inserted
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Order tree asc
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Cleanup
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implementing unique versions (WIP)
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Configure postgres in docker
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Make ent backend configurable
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add Packages query
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement preloads for Packages
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Ent isOccurrence progress WIP.
  Signed-off-by: Jeff Mendoza <[email protected]>
* Improve build performance in Docker
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Enable global IDs
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Incorporate Jeff's work
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Adds Index annotation, but we probably need something different
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Move to helpers
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Bridge networking so we can poke at the db from host
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Migrate to backend package to separate generated files
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Finish IsOccurrence ingest. Also fix Package ingest to only return the ingested package.
  Signed-off-by: Jeff Mendoza <[email protected]>
* Added IsDependency ingest and query to ent backend.
  Signed-off-by: Jeff Mendoza <[email protected]>
* Refactor backend into separate package, adds Source, and tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Use new ent backend package
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Cache build step
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Ignore some files for docker
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Integrate Jeff's work
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add cleanup command to delete all generated ent code
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename IsDependency to Dependency
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename IsOccurrence to Occurrence
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename ent.IsOccurrence
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Improve cleanup logic
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Experimenting
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add tests for IsDependency
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Make tests easier to read
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Cleanup tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Update readme on how to run tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add note about tx
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Try Jeff's impl of ingest occurrence
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add func to ignore empty slices in cmp
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Filter dep tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Attempting to get tests passing
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement custom predicates for json qualifiers
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Change PackageVersion schema so that we can query qualifiers
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement version qualifier queries
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Remove debug statement
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Test no qualifiers
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Small refactoring
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Optimise pkgName query
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Refactor Occurrences to use Subject edge
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Simplify package version query
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Cleanup
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add more tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Integrate more of Jeff's work
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* IngestOccurrence with OccurrenceSubject
  Signed-off-by: mrizzi <[email protected]>
* Improve some package queries
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fixing more tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Remove OccurrenceSubject and get one test to pass
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Make all Occurrence tests pass
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename PackageNode to PackageType
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename Source to SourceType
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Improve package queries
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fix test
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Cleanup package transforms
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fix our happy path test
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Import more of Jeff's work
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Expose Errorf as a global that we can replace later
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Always query empty package version
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Tighter constraints on versions
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* IngestHasSbom implementation
  Signed-off-by: mrizzi <[email protected]>
* Add batch ingest for Artifacts
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add IngestPackages
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Stub IngestOccurrences
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add HasSBOM tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement FindSoftware
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Limit results in search set
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename SBOM to BillOfMaterials and add SLSAAttestation
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename BuilderNode to Builder now that Ent supports it
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename some nodes
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Use global IDs on tests so that we break any hard coded deps
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fix dependency tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement HasSBOM and fix all tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Mod tidy
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement GHSA
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement CVEs
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement OSV and refactor advisory upserts
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Change dependency type to enum in pg
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add note to readme
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement IsVulnerability
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Slightly reduce number of fields selected
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* WIP Implementing CertifyVuln
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename Vulnerability to CertifyVuln
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implements CertifyVuln and IngestVulnerability + Tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement HashEqual Ingest and Query
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Improve Package tests and API
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Stub SLSA
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implementing PkgEqual (WIP)
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add SLSA Ingest
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement HasSLSA and IngestSLSA
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Make artifact query consistent
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fix SLSA ingest tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add IngestMaterials
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add IngestDependencies
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add Sources query and sources tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement HasSourceAt
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement CertifyBad and IngestCertifyBad + tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement CertifyGood and IngestCertifyGood
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implementing Node interface
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fixing PkgEquals design and tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Small cleanup for consistency
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Ensure arm compilation doesn't complain
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Improve the consistency of package queries and transactions
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Improve code reuse around package queries
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Possibly break everything
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Remove Annotations from Ent SBOM schema
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Run generators
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fix my merge mistakes
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename ents
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fix certify bad query
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fix dependency tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add correct behaviour for match only empty
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add ent/contrib gql support
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Fix pkgversion tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Generate ent code with GQL Support enabled
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Schema version of pkgequal that has a & b branches instead of M2M, reverted
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add ptrWithDefault helper
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* More package tree tests
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add IngestSources
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Update qualifiers match helper
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* More gql code gen for ent
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* All implemented features passing
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Implement Scorecards
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Disable 32bit builds since they have issues with int()
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* package: added pkgSpec entities filtering
  Signed-off-by: mrizzi <[email protected]>
* vulnerability: added CertifyVulnSpec entities filtering
  Signed-off-by: mrizzi <[email protected]>
* Cleanup
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Use no-op for upserts
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Update .gitignore
  Co-authored-by: Mihai Maruseac <[email protected]>
* Add neptune backend to validation
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Cleanup
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Tidy
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Rename SecurityAdvisory to Vulnerability
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Update package spec
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Mark ent as experimental
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Update vuln nodes
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Refactoring backend so that vulns work
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Comment out vuln and dep code that needs to be updated
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Enable go arm arch again
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Use inmem backend by default
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Add CertifyVEXStatement and IngestVEXStatement
  Signed-off-by: mrizzi <[email protected]>
* CertifyVex snake_case fields
  Signed-off-by: mrizzi <[email protected]>
* IngestVEXStatement: managed DB insert conflict with Ignore()
  Signed-off-by: mrizzi <[email protected]>
* Comment out Vex
  Signed-off-by: Ivan Vanderbyl <[email protected]>
* Enhance 'Node' and add 'Nodes' endpoints
  Signed-off-by: mrizzi <[email protected]>
* Node: Added SourceType, Builder, SecurityAdvisory and refactored TestNode
  Signed-off-by: mrizzi <[email protected]>
* Restricted some queries and proposed new tests approach
  Signed-off-by: mrizzi <[email protected]>
* Refactored SecurityAdvisory to VulnerabilityType
  Signed-off-by: mrizzi <[email protected]>
* Completed test refactoring
  Signed-off-by: mrizzi <[email protected]>
* Fix Static Analysis
  Signed-off-by: mrizzi <[email protected]>
* Fix Lint checks
  Signed-off-by: mrizzi <[email protected]>
* Fix Static Analysis - copyright notice
  Signed-off-by: mrizzi <[email protected]>
* Enable postgres GH service
  Signed-off-by: mrizzi <[email protected]>
* Fix Unit tests: TestEntBackendSuite/TestCertifyBad/HappyPath
  Signed-off-by: mrizzi <[email protected]>
* Scorecards: fix source namespace query
  Signed-off-by: mrizzi <[email protected]>
* Commented TestVulnerability: endpoint commented
  Signed-off-by: mrizzi <[email protected]>
* Test suite util
  Signed-off-by: mrizzi <[email protected]>
* CI for integration tests: enable postgres GH service
  Signed-off-by: mrizzi <[email protected]>

---------

Signed-off-by: Ivan Vanderbyl <[email protected]>
Signed-off-by: Jeff Mendoza <[email protected]>
Signed-off-by: mrizzi <[email protected]>
Co-authored-by: Jeff Mendoza <[email protected]>
Co-authored-by: mrizzi <[email protected]>
Co-authored-by: Mihai Maruseac <[email protected]>