Feature: Support for external databases (for example PostgreSQL) in addition to the local SQLite file vuln database

[WantDead]

Request Description

Is it possible to add support for using an external database (such as PostgreSQL or MySQL) to store vulnerability data, instead of or alongside the current SQLite file-based storage.

Additional Information

No response

[prabhu]

Checkout vulnerablecode.

[WantDead]

Hi @prabhu ,
I generally understand that there are already existing vulnerability databases (for example, in PostgreSQL). My question was about how to integrate depscan with such a database.
And if such a possibility is not available at the moment, can we expect such an improvement in the future?

[prabhu]

@WantDead, Vulnerability data changes every few hours. Currently, we build SQLite databases of varying sizes via GitHub Actions and download them prior to a scan (with configurable age). With PostgreSQL etc., we need to think about some in-place update mechanisms, ActivityPub-based distribution, and so on. Since VDB is all open schema, such as CVE 5.1, users can feel free to maintain their own databases, but this is not a priority for me.

https://github.com/AppThreat/vdb