OSV feed Ubuntu: Validate artifacts

[ksykulev]

Background

The vulnerabilities repository is responsible for generating osv artifacts #41571.

For NVD artifacts there is an additional validation step after generation.
https://github.com/fleetdm/vulnerabilities/blob/main/.github/workflows/generate-cve.yml#L93-L96

     - name: Validate NVD Feeds
        run: |
          cd fleet
          go run cmd/cve/validate/main.go --db_dir ./cvefeed --debug

The purpose of this is to attempt to detect any possible breaking changes in fleet server prior to publish the artifacts. Although fleet servers will run vulnerability scanning with outdated artifacts, that is better than breaking the vulnerability scanning job.

To do

Either modify the existing cmd/cve/validate/main.go command or create a new step that verifies the osv artifacts that were just generated.

[noahtalerman]

Hey @ksykulev is this issue no longer a subtask of the story?

• Transition Fleet from OVAL to OSV feeds for Ubuntu vulnerabilities #39900

Can we close this issue?

Saw this show up on the drafting board. Just trying to figure out that to do with it.

cc @getvictor

[ksykulev]

@noahtalerman
I don't know if we will have time to deal with it this sprint. We missed it during the original spec'ing. If it's confusing having this as a subtask of #39900, we can put it somewhere else. Just didn't want it to get lost.

[ksykulev]

It's also not 100% necessary to complete #39900. It's a nice to have.