feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800)

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>

pkg/detector/library/driver.go

@@ -83,8 +83,8 @@ func NewDriver(libType ftypes.LangType) (Driver, bool) {
 		eco = ecosystem.Kubernetes
 		comparer = compare.GenericComparer{}
 	case ftypes.Julia:
-		log.Warn("Julia is supported for SBOM, not for vulnerability scanning")
-		return Driver{}, false
+		eco = ecosystem.Julia
+		comparer = compare.GenericComparer{}
 	default:
 		log.Warn("The library type is not supported for vulnerability scanning",
 			log.String("type", string(libType)))
@@ -129,6 +129,7 @@ func (d *Driver) DetectVulnerabilities(pkgID, pkgName, pkgVer string) ([]types.D
 
 		vuln := types.DetectedVulnerability{
 			VulnerabilityID:  adv.VulnerabilityID,
+			VendorIDs:        adv.VendorIDs, // Any vendors have specific IDs, e.g. GHSA, JLSEC
 			PkgID:            pkgID,
 			PkgName:          pkgName,
 			InstalledVersion: pkgVer,

pkg/detector/library/driver_test.go

@@ -66,7 +66,10 @@ func TestDriver_Detect(t *testing.T) {
 			},
 			want: []types.DetectedVulnerability{
 				{
-					VulnerabilityID:  "CVE-2022-21235",
+					VulnerabilityID: "CVE-2022-21235",
+					VendorIDs: []string{
+						"GHSA-6635-c626-vj4r",
+					},
 					PkgName:          "github.com/Masterminds/vcs",
 					InstalledVersion: "v1.13.1",
 					FixedVersion:     "v1.13.2",
@@ -78,6 +81,34 @@ func TestDriver_Detect(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "julia package",
+			fixtures: []string{
+				"testdata/fixtures/julia.yaml",
+				"testdata/fixtures/data-source.yaml",
+			},
+			libType: ftypes.Julia,
+			args: args{
+				pkgName: "HTTP",
+				pkgVer:  "1.10.16",
+			},
+			want: []types.DetectedVulnerability{
+				{
+					VulnerabilityID:  "CVE-2025-52479",
+					PkgName:          "HTTP",
+					InstalledVersion: "1.10.16",
+					FixedVersion:     "1.10.17",
+					DataSource: &dbTypes.DataSource{
+						ID:   vulnerability.Julia,
+						Name: "Julia Ecosystem Security Advisories",
+						URL:  "https://github.com/JuliaLang/SecurityAdvisories.jl",
+					},
+					VendorIDs: []string{
+						"JLSEC-2025-1",
+					},
+				},
+			},
+		},
 		{
 			name:     "non-prefixed buckets",
 			fixtures: []string{"testdata/fixtures/php-without-prefix.yaml"},

pkg/detector/library/testdata/fixtures/data-source.yaml

@@ -30,3 +30,8 @@
         ID: "ghsa"
         Name: "GitHub Security Advisory Go"
         URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+    - key: "julia::Julia Ecosystem Security Advisories"
+      value:
+        ID: "julia"
+        Name: "Julia Ecosystem Security Advisories"
+        URL: "https://github.com/JuliaLang/SecurityAdvisories.jl"

pkg/detector/library/testdata/fixtures/go.yaml

@@ -8,3 +8,5 @@
               - v1.13.2
             VulnerableVersions:
               - "<v1.13.2"
+            VendorIDs:
+              - "GHSA-6635-c626-vj4r"

pkg/detector/library/testdata/fixtures/julia.yaml

@@ -0,0 +1,12 @@
+- bucket: "julia::Julia Ecosystem Security Advisories"
+  pairs:
+    - bucket: HTTP
+      pairs:
+        - key: CVE-2025-52479
+          value:
+            PatchedVersions:
+              - 1.10.17
+            VulnerableVersions:
+              - "<1.10.17"
+            VendorIDs:
+              - "JLSEC-2025-1"