Skip to content

Add vulnerability report capabilities to RPM #1427

Open
#1431
Open
Add vulnerability report capabilities to RPM#1427
#1431
Labels
Triage-NeededNeeds to be reviewed at next pulp-cli mtgfeature requestNew feature request (template-set)
@pedro-psb

Description

@pedro-psb
pedro-psb
opened on Jun 11, 2026

Summary

I want pulp-cli to support the vulnerability report feature.
Pulp RPM support was merged into 3.38.0.dev (pulp/pulp_rpm#4464).
Apart from the repository version scan, it also requires special repository configuration to select the OSV ecosystem.

Versions

The capability already exist for core. For RPM it will be released in 3.38.0

Examples

# with cli
PACKAGE="kernel-3.10.0-123.el7-x86_64.rpm"
OSV_CONFIG='[{"name": "Red Hat", "releases": ["cpe:/o:redhat:enterprise_linux:7::workstation"]:}]'
pulp rpm repository create \
    --name rpm_repo
    --osv-config ${OSV_CONFIG}
pulp rpm content -t package upload --repository rpm_repo --file $PACKAGE
pulp rpm repository version --repository rpm-repo scan

# with http calls
http POST ${API_ROOT}/repositories/rpm/rpm/ \
  name:=rpm_repository \
  osv_config:='[{"name": "AlmaLinux", "releases": ["9"]}]'

http PATCH ${API_ROOT}/repositories/rpm/rpm/{repository_pk}/ \
  osv_config:='[{"name": "Red Hat", "releases": ["cpe:/o:redhat:enterprise_linux:9::baseos"]}]'

http POST ${API_ROOT}/repositories/rpm/rpm/{repository_pk}/versions/{number}/vulnerability_report/

Metadata

Metadata

Assignees

No one assigned

    Labels

    Triage-NeededNeeds to be reviewed at next pulp-cli mtgfeature requestNew feature request (template-set)

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions