vulnerablecode icon indicating copy to clipboard operation
vulnerablecode copied to clipboard
verified publisher icon nexB

Add Liferay Importer (Fixes #1410)

Open paarthbhatt opened this issue 1 month ago • 4 comments

Fixes #1410

Hey, this PR adds a new importer for Liferay security advisories. It crawls the Liferay security page to fetch CVEs, severity scores, and affected versions.

I've also added tests to verify the parsing logic. Let me know if anything needs changing!

paarthbhatt avatar Nov 21 '25 07:11 paarthbhatt

@paarthbhatt thank you so much for this PR.

https://github.com/aboutcode-org/vulnerablecode/tree/main/vulnerabilities/pipelines/v2_importers We are using these type of importer pipelines now. Can you adjust/migrate your code accordingly. Also see:

  • https://github.com/aboutcode-org/vulnerablecode/issues/1944

If you need any help, let us know. Thanks!

Also please run the importer on your system once and provide us logs. Thanks!

TG1999 avatar Nov 21 '25 10:11 TG1999

Hey @TG1999 , thanks for the feedback!

I've updated the code to use the new V2 pipeline architecture as requested. I also ran the importer locally to make sure it's working, and it successfully started collecting advisories.

Here's a snippet from my local logs: INFO 2025-11-21 13:15:46.003014 UTC Collecting 1 advisories

I've also signed off on the commits to fix the DCO check. Let me know if you spot anything else!

paarthbhatt avatar Nov 21 '25 13:11 paarthbhatt

Hey @TG1999,

Sorry about those errors - you're absolutely right. I've fixed all three issues now and pushed the changes. Tests are passing. Thanks for catching these and for your patience!

paarthbhatt avatar Nov 21 '25 16:11 paarthbhatt

hey @TG1999 , could you please check out recent updates and please tell if any changes are needed.

paarthbhatt avatar Dec 02 '25 13:12 paarthbhatt