compliance-scanner-agent/compliance-core/src/models/cve.rs

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};

#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
pub enum CveSource {
    Osv,
    Nvd,
    SearXNG,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CveAlert {
    #[serde(rename = "_id", skip_serializing_if = "Option::is_none")]
    pub id: Option<bson::oid::ObjectId>,
    pub cve_id: String,
    pub repo_id: String,
    pub affected_package: String,
    pub affected_version: String,
    pub source: CveSource,
    pub severity: Option<String>,
    pub cvss_score: Option<f64>,
    pub summary: Option<String>,
    pub llm_impact_summary: Option<String>,
    pub references: Vec<String>,
    pub created_at: DateTime<Utc>,
}

impl CveAlert {
    pub fn new(
        cve_id: String,
        repo_id: String,
        affected_package: String,
        affected_version: String,
        source: CveSource,
    ) -> Self {
        Self {
            id: None,
            cve_id,
            repo_id,
            affected_package,
            affected_version,
            source,
            severity: None,
            cvss_score: None,
            summary: None,
            llm_impact_summary: None,
            references: Vec::new(),
            created_at: Utc::now(),
        }
    }
}