18 changes: 10 additions & 8 deletions .github/workflows/pythonapp.yml
@@ -14,6 +14,8 @@ jobs:
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v5
- name: Set up Python
uses: actions/setup-python@v5
with:
@@ -32,24 +34,24 @@ jobs:
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install ".[dev]"
uv sync --all-extras --dev
- name: Lint with flake8
run: |
flake8 . --count --show-source --exit-zero --statistics
uv run flake8 . --count --show-source --exit-zero --statistics
- name: Test with pytest
run: |
pytest --cov=vdb test
uv run pytest --cov=vdb test
env:
PYTHONPATH: .
TEST_VDB_HOME: vdb_data
- name: Generate SBOM with cdxgen
run: |
npm install -g @cyclonedx/cdxgen
cdxgen -t python -o bom.json . -p --profile research
pip install ".[all]"
python vdb/cli.py --download-image
python vdb/cli.py --bom bom.json
uv sync --all-extras --dev
uv run vdb --download-image
uv run vdb --bom bom.json
- name: CLI tests
run: |
python vdb/cli.py --search "pkg:maven/org.springframework/spring-core@6.0.13"
python vdb/cli.py --search "pkg:maven/org.hibernate.orm/hibernate-core@6.2.9.Final"
uv run vdb --search "pkg:maven/org.springframework/spring-core@6.0.13"
uv run vdb --search "pkg:maven/org.hibernate.orm/hibernate-core@6.2.9.Final"
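Review bot: The new `Install uv` step references `astral-sh/setup-uv@v5`, a tag the action's owner can move, so the code that runs in this job can change without any change to this repository. Pinning to a full commit SHA, e.g. `uses: astral-sh/setup-uv@<full-commit-sha>  # v5` (placeholder; take the SHA from the release you reviewed), makes the reference immutable. The same step is added to pythonpublish.yml, where the job holds `id-token: write` and the pin matters more. Separately, `uv sync --all-extras --dev` is run without `--locked`, so if a `uv.lock` is committed (not visible on this page) CI will not fail when it is out of date with `pyproject.toml`.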
11 changes: 7 additions & 4 deletions .github/workflows/pythonpublish.yml
@@ -20,6 +20,8 @@ jobs:
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v5
- name: Set up Python
uses: actions/setup-python@v5
with:
@@ -36,13 +38,14 @@ jobs:
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install setuptools wheel twine build
uv sync --all-extras --dev
- name: Build
run: |
python3 -m build
uv build
- name: Publish package distributions to PyPI
if: startsWith(github.ref, 'refs/tags/')
uses: pypa/gh-action-pypi-publish@release/v1
run: |
uv publish
- name: Generate SBOM with cdxgen
run: |
npm install -g @cyclonedx/cdxgen
@@ -84,7 +87,7 @@ jobs:
- name: Build and push Docker images
uses: docker/build-push-action@v5
with:
context: contrib/mcp-server-vdb
context: packages/mcp-server-vdb
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
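Review bot: The publish step now runs a bare `uv publish` in place of `pypa/gh-action-pypi-publish@release/v1`, so whether it authenticates through the job's `id-token: write` (trusted publishing) is left to uv's automatic detection. Writing `uv publish --trusted-publishing always` makes the step fail if OIDC is not used, rather than falling back to other credentials. The same job also runs `uv sync --all-extras --dev` before `uv build`, which installs every dev and optional dependency into the job that can publish. Since `uv build` builds in an isolated environment, the sync is likely unnecessary unless a later step (collapsed on this page) needs it, and it should at least use `--locked`. If the release process relied on the attestations the PyPI action can upload with the distributions, check that the new step still covers that.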
12 changes: 11 additions & 1 deletion README.md
@@ -275,12 +275,22 @@ if db_lib.needs_update():

## Model Context Protocol (MCP) server

Refer to the [readme](./contrib/mcp-server-vdb/README.md)
Refer to the [readme](./packages/mcp-server-vdb/README.md)

## Read .vdb6 files in other languages

.vdb6 files are standard SQLite database files. Use any modern sqlite library to read and query them. There is a mini [deno example](./contrib/deno-vdb/README.md) in this repo for demonstration.

## Local development

Setup uv by following the official [documentation](https://docs.astral.sh/uv/).

```shell
uv sync --all-extras --dev
uv run depscan --help
uv run pytest
```

## License

MIT
File renamed without changes.
File renamed without changes.
File renamed without changes.
@@ -23,13 +23,29 @@ classifiers = [
]

dependencies = [
"appthreat-vulnerability-db[oras]>=6.2.3",
"appthreat-vulnerability-db[oras]",
"mcp[cli]>=1.2.1",
]

[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
requires = ["setuptools>=61", "wheel", "build"]
build-backend = "setuptools.build_meta"

[project.optional-dependencies]
dev = [
"black",
"bandit",
"flake8",
"pylint",
"pytest",
"pytest-cov",
]

[project.scripts]
mcp-server-vdb = "mcp_server_vdb:main"

[tool.pytest.ini_options]
addopts="--showlocals -v --cov-report=term-missing --no-cov-on-fail --cov vdb"
testpaths = [
"test"
]
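Review bot: The dependency on `appthreat-vulnerability-db[oras]` loses its `>=6.2.3` floor, so the published metadata for `mcp-server-vdb` would accept any release of the database library, including ones older than this server was written against. If the floor was dropped so the uv workspace can resolve the local package (an assumption; no `[tool.uv.sources]` entry is visible in this hunk), the bound can stay as `"appthreat-vulnerability-db[oras]>=6.2.3",`. Two smaller points in the same hunk: `build` is a build frontend and does not belong in `[build-system] requires`, and `addopts` measures coverage with `--cov vdb` although the package here is `mcp_server_vdb`, which looks copied from the root project.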
@@ -19,41 +19,41 @@ async def run():

# List available resources
resources = await session.list_resources()
print(resources)
assert resources

# Read a resource
content, mime_type = await session.read_resource("cve://CVE-2024-25169")
print(content)
assert content

# List available prompts
prompts = await session.list_prompts()
print(prompts)
assert prompts

# Get a prompt
prompt = await session.get_prompt("search-vulnerabilities", arguments={"search": "pkg:pypi/xml2dict@0.2.2"})
print(prompt)
assert prompt

# List available tools
tools = await session.list_tools()
print(tools)
assert tools

# Call tools
result = await session.call_tool("search_by_purl_like", arguments={"purl": "pkg:pypi/xml2dict@0.2.2"})
print(result)
assert result
result = await session.call_tool("search_by_cpe_like",
arguments={"cpe": "cpe:2.3:a:npm:gitblame:*:*:*:*:*:*:*:*"})
print(result)
assert result
result = await session.call_tool("search_by_any", arguments={"search": "npm:gitblame:0.0.1"})
print(result)
assert result
result = await session.call_tool("search_by_cve", arguments={"cve_id": "CVE-2024-25169"})
print(result)
assert result
result = await session.call_tool("search_by_url", arguments={"url": "https://github.com/electron/electron"})
print(result)
assert result
result = await session.call_tool("latest_malware", arguments={"count": 3})
print(result)
assert result


if __name__ == "__main__":
def test_run():
import asyncio

asyncio.run(run())
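Review bot: The `assert result` lines that replace `print(result)` check only that the client returned an object, and a `call_tool` result is presumably truthy even when the server reports a failure, so a tool that errors would still pass. Asserting on the fields makes the test meaningful, e.g. `assert not result.isError` and `assert result.content` after each `call_tool`, and `assert tools.tools` rather than `assert tools` for the list calls (field names as in the MCP Python SDK; confirm against the version in use). `run()` begins above this hunk, so how the session is created is not visible here.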