DB diff vulnerability metadata #2443

Open

driessamyn opened this issue Feb 12, 2025 · 2 comments
Labels
enhancement New feature or request

Comments

@driessamyn

What would you like to be added:

Would it be possible to include vulnerability metadata in the output of grype db diff?

And/or a (quick) way to look up the metadata for a given vulnerability.

Why is this needed:

The DB diff is useful to assess changes in the vulnerability profile without the need to rescan the sbom, but detail such as the severity would be useful.

Additional context:

If this isn't readily available now, would the team consider a contribution to add this?

@driessamyn driessamyn added the enhancement New feature or request label Feb 12, 2025
@kzantow
Contributor

kzantow commented Feb 12, 2025

I should note: we are almost certainly removing the db diff command from Grype in the very near future, when moving to DB v6, since the DB structure has changed significantly and is much more difficult to "diff" in a meaningful way. However, there is new functionality to search the db in useful ways (via grype db search) which we believe will both provide a better experience to understand what's changed and be significantly more performant. Perhaps if you could outline the use case(s) you have, we could understand if it's already supported or what we could do via db search to support it?

@driessamyn
Author

Thanks. I saw another issue making a reference to it.
My use case is to understand vulnerability changes without needing to rescan sboms.
A search that returns new, changed, removed vulnerabilities (from the db) since a given date would be fine, in fact probably a nicer interface.
But it feels a bit of a shame the diff provides 80% of the info, but not the vulnerability metadata.
