@anassm2 anassm2 commented Dec 19, 2025

Add Debian, Alpine, and Go Vulnerability Intel Sources

📊 Summary

This PR adds 3 new OS-specific vulnerability intelligence sources to enhance coverage for Debian, Alpine, and Go-based containers, addressing issue #163.

New Intel Sources:

  • 🐧 Debian Security Tracker - Provides Debian-specific vulnerability intel and patch information
  • 🏔️ Alpine SecDB - Queries Alpine Linux Security Database for Alpine packages
  • 🔵 Go Vulnerability Database - Integrates OSV API for Go module vulnerabilities

Impact: Increases total intel sources from 5 to 8, providing comprehensive coverage across multiple OS ecosystems.


🎯 What's Changed

New Client Implementations (3 files)

  • src/vuln_analysis/utils/clients/debian_client.py (106 lines)
  • src/vuln_analysis/utils/clients/alpine_client.py (162 lines)
  • src/vuln_analysis/utils/clients/go_client.py (136 lines)

Core Integration Updates (4 files)

  • src/vuln_analysis/utils/intel_retriever.py - Added retrieval methods for new sources
  • src/vuln_analysis/data_models/cve_intel.py - Added Pydantic models for new intel types
  • src/vuln_analysis/utils/prompting.py - Added OS-specific prompt fields for LLM context
  • src/vuln_analysis/utils/output_formatter.py - Updated report generation

Test Infrastructure

  • Comprehensive test suite in tests/intel-sources/ for all 3 new sources
  • Integration test script: test_all_intel_sources.sh
  • Sample data: SBOMs and input messages for testing

Documentation

  • CONTRIBUTION_SUMMARY.md - Detailed technical documentation

✨ Features

Debian Security Tracker

Alpine SecDB

  • API: https://secdb.alpinelinux.org/
  • Supports all Alpine versions (v3.13-v3.21)
  • Caches SecDB data per Alpine version/repository
  • Returns Alpine-specific package and version info

Go Vulnerability Database

  • API: https://api.osv.dev/v1/query
  • Queries OSV (Open Source Vulnerabilities) API
  • Extracts GO-IDs, affected modules, and fixed versions
  • Handles Go-specific vulnerability details

🧪 Testing

Test Coverage

Debian Test: Python 3.11 Debian container with 5 CVEs (111 packages)
Alpine Test: nginx:alpine3.20 with 4 CVEs (34 packages)
Go Test: Go application with 3 Go-related CVEs (10 modules)

Test Execution

All 3 intel sources have been tested with real CVE data and verified to work correctly:

# Run all tests
./test_all_intel_sources.sh

# Run individual tests
./tests/intel-sources/debian/test_debian.sh
./tests/intel-sources/alpine/test_alpine.sh
./tests/intel-sources/go/test_go.sh

Results

  • ✅ Debian Security Tracker successfully retrieves intel for Debian CVEs
  • ✅ Alpine SecDB correctly queries Alpine-specific vulnerabilities
  • ✅ Go VulnDB (OSV API) fetches Go module vulnerability data
  • ✅ All intel sources integrate seamlessly with existing pipeline
  • ✅ Original test cases (Morpheus container) continue to work

📈 Impact

Enhanced Coverage

| Before | After | Improvement |
| --- | --- | --- |
| 5 intel sources | 8 intel sources | +60% |
| Ubuntu only | Ubuntu + Debian | Broader Linux coverage |
| No Alpine support | Alpine SecDB | Alpine containers supported |
| OS packages only | OS + Go modules | Application-level coverage |

Benefits

  • Better Debian coverage - Debian-specific patch information and security notes
  • Alpine support - Previously unsupported, now fully integrated
  • Go ecosystem coverage - Application-level vulnerabilities beyond OS packages
  • Reduced false negatives - More intel sources provide better CVE context
  • Enhanced LLM analysis - OS-specific intel improves exploitability determination

🔄 Backward Compatibility

Fully backward compatible

  • No breaking changes to existing functionality
  • Original intel sources (GHSA, NVD, Ubuntu, RHSA, EPSS) work exactly as before
  • New sources integrate seamlessly into existing pipeline
  • Existing test cases continue to work without modification

📊 Statistics

  • Files Changed: 27
  • Lines Added: +2,660
  • Lines Deleted: -170
  • New Client Code: 404 lines
  • Test Infrastructure: Comprehensive test suites for 3 OS types

🔍 Code Quality

  • ✅ Follows existing codebase patterns and conventions
  • ✅ Fully async/await implementation for all clients
  • ✅ Comprehensive error handling with logging
  • ✅ Pydantic models for type safety
  • ✅ Retry logic with exponential backoff
  • ✅ API timeout handling
  • ✅ Well-documented with docstrings
  • ✅ Test coverage for all new functionality

📚 Documentation

See CONTRIBUTION_SUMMARY.md for:

  • Detailed technical implementation
  • API endpoints and data models
  • Testing procedures
  • Future enhancement ideas

🎯 Resolves

Closes #163


📝 Checklist

  • Code follows project conventions
  • All new functionality is tested
  • Documentation updated
  • Backward compatibility maintained
  • No breaking changes introduced
  • All tests passing
  • Linting checks pass

🙏 Additional Notes

This contribution significantly enhances the vulnerability analysis system's ability to assess security risks across different container ecosystems. The new intel sources provide crucial OS-specific context that helps the LLM make more accurate exploitability determinations.

Special focus was placed on:

  • Maintaining consistency with existing code patterns
  • Ensuring robust error handling
  • Providing comprehensive test coverage
  • Creating thorough documentation

Happy to address any feedback or questions! 🚀
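The Go source described above extracts GO-IDs, affected modules and fixed versions from OSV query responses. The following is an added illustration, not the PR's GoClient, of how such a response is flattened into per-module records and how a module version is checked against OSV's half-open `[introduced, fixed)` SEMVER ranges; it assumes the documented OSV response shape, and the embedded sample and its IDs are constructed placeholders.

```python
# Added example (not the PR's GoClient): parse an OSV /v1/query response for Go modules.
import json
import re

# Constructed sample shaped like an OSV query response; IDs are placeholders.
SAMPLE_OSV_RESPONSE = json.dumps({"vulns": [{
    "id": "GO-0000-0001", "aliases": ["CVE-0000-00001"],
    "affected": [{
        "package": {"name": "example.com/mod", "ecosystem": "Go"},
        "ranges": [{"type": "SEMVER", "events": [
            {"introduced": "0"}, {"fixed": "1.2.3"},
            {"introduced": "2.0.0"}, {"fixed": "2.0.5"},
            {"introduced": "3.0.0"}]}]}]}]})  # 3.x introduced, not fixed yet

def _semver_key(v: str) -> tuple:
    # Numeric major.minor.patch prefix only; pseudo-version suffixes are ignored.
    return tuple(int(x) for x in re.match(r"\d+(?:\.\d+)*", v.lstrip("v")).group(0).split("."))

def parse_osv_response(raw: str) -> list:
    """One record per (vuln, Go module) pair; 'ranges' holds (introduced, fixed|None)."""
    out = []
    for vuln in json.loads(raw).get("vulns", []):
        for aff in vuln.get("affected", []):
            pkg = aff.get("package", {})
            if pkg.get("ecosystem") != "Go":
                continue  # only Go modules matter to this intel source
            rec = {"go_id": vuln["id"], "aliases": vuln.get("aliases", []),
                   "module": pkg["name"], "ranges": []}
            for rng in aff.get("ranges", []):
                if rng.get("type") != "SEMVER":
                    continue
                lo = None
                for ev in rng.get("events", []):  # events alternate introduced/fixed
                    if "introduced" in ev:
                        lo = ev["introduced"]
                    elif "fixed" in ev and lo is not None:
                        rec["ranges"].append((lo, ev["fixed"]))
                        lo = None
                if lo is not None:  # trailing 'introduced' with no fix: open range
                    rec["ranges"].append((lo, None))
            rec["fixed_versions"] = [hi for _, hi in rec["ranges"] if hi]
            out.append(rec)
    return out

def is_affected(rec: dict, version: str) -> bool:
    """True when version lies in any half-open [introduced, fixed) range."""
    v = _semver_key(version)
    return any(_semver_key(lo) <= v and (hi is None or v < _semver_key(hi))
               for lo, hi in rec["ranges"])
```

A version equal to a `fixed` boundary is not affected, while a trailing `introduced` with no `fixed` event marks every later version as affected, which is the case a report generator should flag as "no fix available".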

…AI-Blueprints#163)

- Add DebianClient for Debian Security Tracker integration
- Add AlpineClient for Alpine SecDB integration
- Add GoClient for Go VulnDB (OSV API) integration
- Update intel retriever to include new sources
- Add Pydantic models for new intel types
- Update LLM prompts with OS-specific intel fields
- Add comprehensive test suite for all 3 new sources
- Add sample data for testing (SBOMs and input messages)

This increases total intel sources from 5 to 8, providing better
coverage for Debian, Alpine, and Go-based containers.
@efajardo-nv (Collaborator)

Thanks for the PR!

@efajardo-nv efajardo-nv self-requested a review December 19, 2025 19:25

Development

Successfully merging this pull request may close these issues.

Additional data sources to include Debian, Alpine, Go Vulnerability database, etc
