anchore
diff --git a/‎src/vunnel/cli/config.py‎
Lines changed: 1 addition & 0 deletions b/‎src/vunnel/cli/config.py‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/vunnel/providers/__init__.py‎
Lines changed: 2 additions & 0 deletions b/‎src/vunnel/providers/__init__.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/vunnel/providers/secureos/__init__.py‎
Lines changed: 69 additions & 0 deletions b/‎src/vunnel/providers/secureos/__init__.py‎
Lines changed: 69 additions & 0 deletions
@@ -62,6 +62,7 @@ class Providers:
     oracle: providers.oracle.Config = field(default_factory=providers.oracle.Config)
     rhel: providers.rhel.Config = field(default_factory=providers.rhel.Config)
     rocky: providers.rocky.Config = field(default_factory=providers.rocky.Config)
+    secureos: providers.secureos.Config = field(default_factory=providers.secureos.Config)
     sles: providers.sles.Config = field(default_factory=providers.sles.Config)
     ubuntu: providers.ubuntu.Config = field(default_factory=providers.ubuntu.Config)
     wolfi: providers.wolfi.Config = field(default_factory=providers.wolfi.Config)
 
@@ -24,6 +24,7 @@
     oracle,
     rhel,
     rocky,
+    secureos,
     sles,
     ubuntu,
     wolfi,
@@ -49,6 +50,7 @@
     oracle.Provider.name(): oracle.Provider,
     rhel.Provider.name(): rhel.Provider,
     rocky.Provider.name(): rocky.Provider,
+    secureos.Provider.name(): secureos.Provider,
     sles.Provider.name(): sles.Provider,
     ubuntu.Provider.name(): ubuntu.Provider,
     wolfi.Provider.name(): wolfi.Provider,
 
@@ -0,0 +1,69 @@
+from __future__ import annotations
+
+import os
+from dataclasses import dataclass, field
+from typing import TYPE_CHECKING
+
+from vunnel import provider, result, schema
+from vunnel.utils import timer
+
+from .parser import Parser
+
+if TYPE_CHECKING:
+    import datetime
+
+
+@dataclass
+class Config:
+    runtime: provider.RuntimeConfig = field(
+        default_factory=lambda: provider.RuntimeConfig(
+            result_store=result.StoreStrategy.SQLITE,
+            existing_results=result.ResultStatePolicy.DELETE_BEFORE_WRITE,
+        ),
+    )
+    request_timeout: int = 125
+
+
+class Provider(provider.Provider):
+    __schema__ = schema.OSSchema()
+    __distribution_version__ = int(__schema__.major_version)
+
+    _url = "https://security.secureos.io/v1/latest.json"
+    _namespace = "secureos"
+
+    def __init__(self, root: str, config: Config | None = None):
+        if not config:
+            config = Config()
+        super().__init__(root, runtime_cfg=config.runtime)
+        self.config = config
+
+        self.logger.debug(f"config: {config}")
+
+        self.parser = Parser(
+            workspace=self.workspace,
+            url=self._url,
+            namespace=self._namespace,
+            download_timeout=self.config.request_timeout,
+            logger=self.logger,
+        )
+
+        # this provider requires the previous state from former runs
+        provider.disallow_existing_input_policy(config.runtime)
+
+    @classmethod
+    def name(cls) -> str:
+        return "secureos"
+
+    def update(self, last_updated: datetime.datetime | None) -> tuple[list[str], int]:
+        with timer(self.name(), self.logger):
+            with self.results_writer() as writer, self.parser:
+                # TODO: tech debt: on subsequent runs, we should only write new vulns (this currently re-writes all)
+                for release, vuln_dict in self.parser.get():
+                    for vuln_id, record in vuln_dict.items():
+                        writer.write(
+                            identifier=os.path.join(f"{self._namespace.lower()}:{release.lower()}", vuln_id),
+                            schema=self.__schema__,
+                            payload=record,
+                        )
+
+            return self.parser.urls, len(writer)