@@ -24,6 +24,7 @@ import (
2424 "go.opentelemetry.io/otel/propagation"
2525 "go.opentelemetry.io/otel/trace"
2626 "google.golang.org/protobuf/encoding/protojson"
27+ "google.golang.org/protobuf/proto"
2728 "k8s.io/apimachinery/pkg/util/yaml"
2829)
2930
@@ -311,7 +312,7 @@ func processUpdate(ctx context.Context, config Config, item WorkItem) {
311312 return
312313 }
313314 }
314- if err := sendToWorker (ctx , config , item , hash , modified ); err != nil {
315+ if err := sendToWorker (ctx , config , item , hash , modified , & vulnProto ); err != nil {
315316 logger .ErrorContext (ctx , "Failed to send to worker" , slog .Any ("error" , err ), slog .String ("source" , sourceRepoName ), slog .String ("path" , sourcePath ))
316317 }
317318}
@@ -321,23 +322,32 @@ func computeHash(data []byte) string {
321322 return hex .EncodeToString (hash [:])
322323}
323324
324- func sendToWorker (ctx context.Context , config Config , item WorkItem , hash string , modifiedTime time.Time ) error {
325+ func sendToWorker (ctx context.Context , config Config , item WorkItem , hash string , modifiedTime time.Time , vuln * osvschema. Vulnerability ) error {
325326 var srcTimestamp * time.Time
326327 if ! item .IsReimport {
327328 // Only track the update latency if we're not doing a reimport of the data
328329 srcTimestamp = & modifiedTime
329330 }
330331
331- return publishUpdate (ctx , config .Publisher , item .SourceRepository , item .SourcePath , hash , false , srcTimestamp )
332+ return publishUpdate (ctx , config .Publisher , item .SourceRepository , item .SourcePath , hash , false , srcTimestamp , vuln )
332333}
333334
334335func sendDeletionToWorker (ctx context.Context , config Config , item WorkItem ) error {
335- return publishUpdate (ctx , config .Publisher , item .SourceRepository , item .SourcePath , "" , true , nil )
336+ return publishUpdate (ctx , config .Publisher , item .SourceRepository , item .SourcePath , "" , true , nil , nil )
336337}
337338
338- func publishUpdate (ctx context.Context , publisher clients.Publisher , source , path , hash string , deleted bool , srcTimestamp * time.Time ) error {
339+ func publishUpdate (ctx context.Context , publisher clients.Publisher , source , path , hash string , deleted bool , srcTimestamp * time.Time , vuln * osvschema.Vulnerability ) error {
340+ // Send the vulnerability proto in the message data
341+ var data []byte
342+ if vuln != nil {
343+ var err error
344+ data , err = proto .Marshal (vuln )
345+ if err != nil {
346+ return err
347+ }
348+ }
339349 msg := & pubsub.Message {
340- Data : [] byte ( "" ) ,
350+ Data : data ,
341351 Attributes : map [string ]string {
342352 "type" : "update" ,
343353 "source" : source ,
0 commit comments