ROX-30352: add CVE detail and affected VMs endpoints#19667
Open
ROX-30352: add CVE detail and affected VMs endpoints#19667
Conversation
|
Skipping CI for Draft Pull Request. |
Contributor
|
Important Review skippedAuto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
Author
|
This change is part of the following stack: Change managed by git-spice. |
This was referenced Mar 27, 2026
Contributor
|
Images are ready for the commit at 676d22b. To use with deploy scripts, first |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #19667 +/- ##
==========================================
- Coverage 49.67% 49.66% -0.02%
==========================================
Files 2765 2765
Lines 209039 209154 +115
==========================================
+ Hits 103834 103869 +35
- Misses 97527 97602 +75
- Partials 7678 7683 +5
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
f331507 to
b200b68
Compare
6729330 to
cd38717
Compare
b200b68 to
90e78c1
Compare
cd38717 to
2266b11
Compare
90e78c1 to
7fd211d
Compare
2266b11 to
d8e4837
Compare
7fd211d to
fd37ed6
Compare
d8e4837 to
5977ea6
Compare
fd37ed6 to
4d3f72a
Compare
5977ea6 to
6de0f05
Compare
4d3f72a to
f3b7899
Compare
5e58fde to
53f3fd3
Compare
f3b7899 to
4fea4f7
Compare
53f3fd3 to
676d22b
Compare
4fea4f7 to
cd84093
Compare
bcf35af to
31fe3ae
Compare
ac85252 to
e0471f6
Compare
31fe3ae to
42314fd
Compare
e0471f6 to
da2dcf9
Compare
42314fd to
4bb4cae
Compare
da2dcf9 to
f29d7bb
Compare
4bb4cae to
9f37f8d
Compare
f29d7bb to
a40704a
Compare
9f37f8d to
a6e1bec
Compare
a40704a to
fa40049
Compare
a6e1bec to
23b50db
Compare
fa40049 to
7491811
Compare
23b50db to
3d75c53
Compare
7491811 to
ec3a7fd
Compare
3d75c53 to
026f97c
Compare
ec3a7fd to
bb82d34
Compare
026f97c to
48c384d
Compare
bb82d34 to
1ee5d37
Compare
48c384d to
ab272fa
Compare
6ee3ace to
4c6dd35
Compare
Base automatically changed from
aheflin/ROX-30352/vm-v2-vm-scoped-endpoints
to
master
April 16, 2026 16:33
Add 2 CVE-scoped endpoints to VirtualMachineV2Service:
- GetVMCVEDetail (GET /v2/virtualmachines/cves/{id}) - single CVE detail
with cross-VM severity aggregation, affected VM/guest OS counts
- ListVMCVEAffectedVMs (GET /v2/virtualmachines/cves/{id}/vms) - VMs
affected by a specific CVE with per-VM severity and fixability
Partially generated by AI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add TestGetVMCVEDetail covering empty ID, CVE not found, and successful detail with severity aggregation and guest OS counting. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
4c6dd35 to
8f411cd
Compare
|
@ajheflin: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Part 5/6 of the VirtualMachineV2Service API stack (ROX-30352).
Adds 2 CVE-scoped endpoints:
GetVMCVEDetail(GET /v2/virtualmachines/cves/{id}) - single CVE detail with cross-VM severity aggregation, affected VM count, affected guest OS count, and top CVSS. Accepts the CVE identifier (e.g. "CVE-2024-1234") as the path parameter.ListVMCVEAffectedVMs(GET /v2/virtualmachines/cves/{id}/vms) - VMs affected by a specific CVE with per-VM severity, fixability, and affected component countUser-facing documentation
Testing and quality
Automated testing
How I validated my change
Unit tests:
TestGetVMCVEDetail(3 cases)E2E validated on a cluster with 200 fake VMs:
GET /v2/virtualmachines/cves/CVE-2020-10134returns detail withaffected=197/200 guestOSes=9, severity counts, EPSS, and summaryGET /v2/virtualmachines/cves/CVE-2020-10134/vmsreturns 196 affected VMs with severity, fixability, and component counts