add and expose daily fixable vulnerability history fields for artifacts (model/DTO/transformer/migrations/aggregation/query wiring)

Current problem: open_dependency_vulns is populated correctly, but fixable_* and cve_purl_fixable_* are still written as 0

Author: 5byuri

cmd/devguard-cli/commands/daemon.go

@@ -100,6 +100,7 @@ func runPipelineForAsset(assetIDStr, assetVersionSlug string) error {
 		integrations.Module,
 		vulndb.Module,
 		daemons.Module,
+		fixedversion.Module,
 		fx.Populate(&daemonRunner, &dependencyVulnRepository, &dependencyVulnService, &assetRepository, &assetVersionRepository),
 	)
 

database/migrations/20260304170435_recover_missing_migration.down.sql

@@ -0,0 +1,2 @@
+-- Recovery migration placeholder for missing historical version.
+-- Intentionally left empty.

database/migrations/20260304170435_recover_missing_migration.up.sql

@@ -0,0 +1,3 @@
+-- Recovery migration placeholder for missing historical version.
+-- Intentionally left empty to unblock environments that already reference
+-- migration version 20260304170435 in schema_migrations.

database/migrations/20260402110000_add_fixable_distribution_to_artifact_risk_history.down.sql

@@ -0,0 +1,9 @@
+ALTER TABLE public.artifact_risk_history
+DROP COLUMN IF EXISTS cve_purl_fixable_critical,
+DROP COLUMN IF EXISTS cve_purl_fixable_high,
+DROP COLUMN IF EXISTS cve_purl_fixable_medium,
+DROP COLUMN IF EXISTS cve_purl_fixable_low,
+DROP COLUMN IF EXISTS fixable_critical,
+DROP COLUMN IF EXISTS fixable_high,
+DROP COLUMN IF EXISTS fixable_medium,
+DROP COLUMN IF EXISTS fixable_low;

database/migrations/20260402110000_add_fixable_distribution_to_artifact_risk_history.up.sql

@@ -0,0 +1,20 @@
+ALTER TABLE public.artifact_risk_history
+ADD COLUMN IF NOT EXISTS fixable_low INTEGER DEFAULT 0,
+ADD COLUMN IF NOT EXISTS fixable_medium INTEGER DEFAULT 0,
+ADD COLUMN IF NOT EXISTS fixable_high INTEGER DEFAULT 0,
+ADD COLUMN IF NOT EXISTS fixable_critical INTEGER DEFAULT 0,
+ADD COLUMN IF NOT EXISTS cve_purl_fixable_low INTEGER DEFAULT 0,
+ADD COLUMN IF NOT EXISTS cve_purl_fixable_medium INTEGER DEFAULT 0,
+ADD COLUMN IF NOT EXISTS cve_purl_fixable_high INTEGER DEFAULT 0,
+ADD COLUMN IF NOT EXISTS cve_purl_fixable_critical INTEGER DEFAULT 0;
+
+UPDATE public.artifact_risk_history
+SET
+    fixable_low = COALESCE(fixable_low, 0),
+    fixable_medium = COALESCE(fixable_medium, 0),
+    fixable_high = COALESCE(fixable_high, 0),
+    fixable_critical = COALESCE(fixable_critical, 0),
+    cve_purl_fixable_low = COALESCE(cve_purl_fixable_low, 0),
+    cve_purl_fixable_medium = COALESCE(cve_purl_fixable_medium, 0),
+    cve_purl_fixable_high = COALESCE(cve_purl_fixable_high, 0),
+    cve_purl_fixable_critical = COALESCE(cve_purl_fixable_critical, 0);

database/models/statistic_model.go

@@ -23,6 +23,11 @@ type Distribution struct {
 	Medium   int `json:"medium"`
 	Critical int `json:"critical"`
 
+	FixableLow      int `json:"fixableLow"`
+	FixableMedium   int `json:"fixableMedium"`
+	FixableHigh     int `json:"fixableHigh"`
+	FixableCritical int `json:"fixableCritical"`
+
 	LowCVSS      int `json:"lowCvss"`
 	MediumCVSS   int `json:"mediumCvss"`
 	HighCVSS     int `json:"highCvss"`
@@ -37,6 +42,11 @@ type Distribution struct {
 	CVEPurlMediumCVSS   int `json:"cvePurlMediumCvss"`
 	CVEPurlHighCVSS     int `json:"cvePurlHighCvss"`
 	CVEPurlCriticalCVSS int `json:"cvePurlCriticalCvss"`
+
+	CVEPurlFixableLow      int `json:"cvePurlFixableLow"`
+	CVEPurlFixableMedium   int `json:"cvePurlFixableMedium"`
+	CVEPurlFixableHigh     int `json:"cvePurlFixableHigh"`
+	CVEPurlFixableCritical int `json:"cvePurlFixableCritical"`
 }
 
 type History struct {

database/repositories/artifact_risk_history_repository.go

@@ -73,7 +73,9 @@ func (r *artifactRiskHistoryRepository) GetRiskHistoryByRelease(ctx context.Cont
 		       arh.sum_closed_risk, arh.avg_closed_risk, arh.max_closed_risk, arh.min_closed_risk,
 		       arh.open_dependency_vulns, arh.fixed_dependency_vulns,
 		       arh.low, arh.medium, arh.high, arh.critical,
+		       arh.fixable_low, arh.fixable_medium, arh.fixable_high, arh.fixable_critical,
 			   arh.cve_purl_low, arh.cve_purl_medium, arh.cve_purl_high, arh.cve_purl_critical,
+			   arh.cve_purl_fixable_low, arh.cve_purl_fixable_medium, arh.cve_purl_fixable_high, arh.cve_purl_fixable_critical,
 		       arh.low_cvss, arh.medium_cvss, arh.high_cvss, arh.critical_cvss,
 			   arh.cve_purl_low_cvss, arh.cve_purl_medium_cvss, arh.cve_purl_high_cvss, arh.cve_purl_critical_cvss
 		FROM artifact_risk_history arh
@@ -98,8 +100,10 @@ func (r *artifactRiskHistoryRepository) GetRiskHistoryForOrg(ctx context.Context
 	SELECT
 		day,
 		SUM(low) low, SUM(medium) medium, SUM(high) high, SUM(critical) critical,
+		SUM(fixable_low) fixable_low, SUM(fixable_medium) fixable_medium, SUM(fixable_high) fixable_high, SUM(fixable_critical) fixable_critical,
 		SUM(low_cvss) low_cvss, SUM(medium_cvss) medium_cvss, SUM(high_cvss) high_cvss, SUM(critical_cvss) critical_cvss,
 		SUM(cve_purl_low) cve_purl_low, SUM(cve_purl_medium) cve_purl_medium, SUM(cve_purl_high) cve_purl_high, SUM(cve_purl_critical) cve_purl_critical,
+		SUM(cve_purl_fixable_low) cve_purl_fixable_low, SUM(cve_purl_fixable_medium) cve_purl_fixable_medium, SUM(cve_purl_fixable_high) cve_purl_fixable_high, SUM(cve_purl_fixable_critical) cve_purl_fixable_critical,
 		SUM(cve_purl_low_cvss) cve_purl_low_cvss, SUM(cve_purl_medium_cvss) cve_purl_medium_cvss, SUM(cve_purl_high_cvss) cve_purl_high_cvss, SUM(cve_purl_critical_cvss) cve_purl_critical_cvss
 	FROM
 		artifact_risk_history a

database/repositories/statistics_repository.go

@@ -37,21 +37,21 @@ func (r *statisticsRepository) TimeTravelDependencyVulnState(ctx context.Context
 	dependencyVulns := []models.DependencyVuln{}
 	var err error
 	if artifactName == nil && assetVersionName == nil {
-		err = r.GetDB(ctx, tx).Model(&models.DependencyVuln{}).Preload("CVE").Preload("Events", func(db *gorm.DB) *gorm.DB {
+		err = r.GetDB(ctx, tx).Model(&models.DependencyVuln{}).Select("dependency_vulns.*").Preload("CVE").Preload("Events", func(db *gorm.DB) *gorm.DB {
 			return db.Where("created_at <= ?", time).Order("created_at ASC")
 		}).
 			Joins("JOIN artifact_dependency_vulns adv ON adv.dependency_vuln_id = dependency_vulns.id").
 			Where("dependency_vulns.asset_id = ?", assetID).Where("created_at <= ?", time).
 			Find(&dependencyVulns).Error
 	} else if artifactName != nil {
-		err = r.GetDB(ctx, tx).Model(&models.DependencyVuln{}).Preload("CVE").Preload("Events", func(db *gorm.DB) *gorm.DB {
+		err = r.GetDB(ctx, tx).Model(&models.DependencyVuln{}).Select("dependency_vulns.*").Preload("CVE").Preload("Events", func(db *gorm.DB) *gorm.DB {
 			return db.Where("created_at <= ?", time).Order("created_at ASC")
 		}).
 			Joins("JOIN artifact_dependency_vulns adv ON adv.dependency_vuln_id = dependency_vulns.id").
-			Where("adv.artifact_asset_version_name = ?", *assetVersionName).Where("adv.artifact_asset_id = ?", assetID).Where("adv.artifact_artifact_name = ?", artifactName).Where("created_at <= ?", time).
+			Where("adv.artifact_asset_version_name = ?", *assetVersionName).Where("adv.artifact_asset_id = ?", assetID).Where("adv.artifact_artifact_name = ?", *artifactName).Where("created_at <= ?", time).
 			Find(&dependencyVulns).Error
 	} else {
-		err = r.GetDB(ctx, tx).Model(&models.DependencyVuln{}).Preload("CVE").Preload("Events", func(db *gorm.DB) *gorm.DB {
+		err = r.GetDB(ctx, tx).Model(&models.DependencyVuln{}).Select("dependency_vulns.*").Preload("CVE").Preload("Events", func(db *gorm.DB) *gorm.DB {
 			return db.Where("created_at <= ?", time).Order("created_at ASC")
 		}).Where("adv.artifact_asset_id = ?", assetID).Where("adv.artifact_artifact_name = ?", artifactName).Where("created_at <= ?", time).
 			Find(&dependencyVulns).Error

dtos/statistics_dto.go

@@ -38,6 +38,11 @@ type Distribution struct {
 	Medium   int `json:"medium"`
 	Critical int `json:"critical"`
 
+	FixableLow      int `json:"fixableLow"`
+	FixableMedium   int `json:"fixableMedium"`
+	FixableHigh     int `json:"fixableHigh"`
+	FixableCritical int `json:"fixableCritical"`
+
 	LowCVSS      int `json:"lowCvss"`
 	MediumCVSS   int `json:"mediumCvss"`
 	HighCVSS     int `json:"highCvss"`
@@ -52,6 +57,11 @@ type Distribution struct {
 	CVEPurlMediumCVSS   int `json:"cvePurlMediumCvss"`
 	CVEPurlHighCVSS     int `json:"cvePurlHighCvss"`
 	CVEPurlCriticalCVSS int `json:"cvePurlCriticalCvss"`
+
+	CVEPurlFixableLow      int `json:"cvePurlFixableLow"`
+	CVEPurlFixableMedium   int `json:"cvePurlFixableMedium"`
+	CVEPurlFixableHigh     int `json:"cvePurlFixableHigh"`
+	CVEPurlFixableCritical int `json:"cvePurlFixableCritical"`
 }
 
 type History struct {