
Update Get Vulnerability Details action to use the latest api version#585

Open
viktor-orca wants to merge 20 commits into chronicle:main from viktor-orca:ORCA_update_to_latest_api_version

Conversation


@viktor-orca viktor-orca commented Feb 25, 2026

Get Vulnerability Details, Get Compliance Info, Get Asset Details: updated the integration to support the latest API version.


Description

📋 Files Modified

  1. core/OrcaSecurityManager.py - Major refactoring
  2. core/constants.py - API endpoints and severity mappings updated
  3. core/query_builder.py - New VulnerabilityQueryBuilder class added
  4. release_notes.yaml - Version 13.0 release notes added

🔄 Major Changes Summary

  1. OrcaSecurityManager.py Changes

API Migration & Query Building

  • ❌ Removed: Old _paginate_results() method with next_page_token pagination
  • ✅ Added: New _paginate_cve_results() method using start_at_index pagination
  • ❌ Removed: Old DSL filter structure (dsl_filter with field includes)
  • ✅ Added: VulnerabilityQueryBuilder integration throughout

get_frameworks()

  • ❌ Removed: Simple POST request without payload
  • ✅ Added: Framework search with framework_filters payload
  • ✅ Added: Individual framework name search loop
  • ✅ Added: Proper not_found_frameworks tracking

  2. constants.py Changes

API Endpoints Updated
Severity System Overhaul

POSSIBLE_SEVERITIES = [
"critical",
"high",
"medium",
"low",
"unknown",
]

SEVERITY_MAPPING = {
"critical": 100,
"high": 80,
"medium": 60,
"low": -1,
"unknown": -1,
}

  3. query_builder.py Changes

Completely New VulnerabilityQueryBuilder Class

  • ✅ Added: Full new class with 188 lines of code
  • ✅ Added: Modern API structure with VulnerabilityV2 and Inventory models
  • ✅ Added: Advanced filtering: with_cve_id(), with_asset_unique_id(), with_severity(), with_order_by()
  • ✅ Added: New API parameters: additional_models[], flat_json, full_graph_fetch, max_tier
  • ✅ Added: Proper pagination support with get_results_and_count

Breaking Changes: ⚠️

  1. Severity format change - From Orca-specific to standard format
  2. API endpoint changes - New serving-layer endpoints
  3. Query structure - Complete DSL to query builder migration

Improvements: ✅

  1. Better pagination - More efficient start_at_index method
  2. Enhanced filtering - Multiple filter types supported
  3. Modern API support - Latest Orca Security API version

Compatibility: 🔄

  • Backward compatible where possible (kept with_cve_id() method)
  • API migration required for full functionality
  • Configuration updates needed for severity mappings

Checklist:

Please ensure you have completed the following items before submitting your PR.
This helps us review your contribution faster and more efficiently.

General Checks:

  • I have read and followed the project's contributing.md guide.
  • My code follows the project's coding style guidelines.
  • I have performed a self-review of my own code.
  • My changes do not introduce any new warnings.
  • My changes pass all existing tests.
  • I have added new tests where appropriate to cover my changes. (If applicable)
  • I have updated the documentation where necessary (e.g., README, API docs). (If applicable)

Open-Source Specific Checks:

  • My changes do not introduce any Personally Identifiable Information (PII) or sensitive customer data.
  • My changes do not expose any internal-only code examples, configurations, or URLs.
  • All code examples, comments, and messages are generic and suitable for a public repository.
  • I understand that any internal context or sensitive details related to this work are handled separately in internal systems (Buganizer for Google team members).

For Google Team Members and Reviewers Only:

  • I have included the Buganizer ID in the PR title or description (e.g., "Internal Buganizer ID: 123456789" or "Related Buganizer: go/buganizer/123456789").
  • I have ensured that all internal discussions and PII related to this work remain in Buganizer.
  • I have tagged the PR with one or more labels that reflect the pull request purpose.

Screenshots (If Applicable)

If your changes involve UI or visual elements, please include screenshots or GIFs here.
Ensure any sensitive data is redacted or generalized.


Further Comments / Questions

Any additional comments, questions, or areas where you'd like specific feedback.
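The PR description above outlines the new pagination shape (start_at_index, get_results_and_count, a VULNERABILITIES_MAX_LIMIT page size) and the chained with_cve_id()/with_severity() builder, and the automated review further down flags that the submitted loop can terminate prematurely. The block below is an added illustration written for this page; it is not code from the Orca Security integration or from this PR. It assumes a request body with start_at_index and limit keys and a response carrying results under "data" and a total under "total_count" when get_results_and_count is set; the builder, the VulnerabilityQuery name, the page size of 3 and the in-memory backend are all stand-ins constructed for the example.

```python
# Added example, not the Orca Security integration's own code. Shows an
# offset-based (start_at_index) pagination loop that stops on the server's
# total_count rather than on a full-page heuristic, plus a hypothetical
# builder in the shape the PR describes. Request/response keys are assumed.
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Any, Callable

VULNERABILITIES_MAX_LIMIT = 3  # page size kept tiny so the loop is visible (assumed)
POSSIBLE_SEVERITIES = ["critical", "high", "medium", "low", "unknown"]  # from the PR text


@dataclass
class VulnerabilityQuery:
    """Hypothetical builder mirroring the with_*/start_at_index/build() chain."""
    cve_id: str | None = None
    severities: list[str] = field(default_factory=list)
    start: int = 0
    limit: int = VULNERABILITIES_MAX_LIMIT
    with_count: bool = False

    def with_cve_id(self, cve_id: str) -> "VulnerabilityQuery":
        self.cve_id = cve_id
        return self

    def with_severity(self, *severities: str) -> "VulnerabilityQuery":
        unknown = set(severities) - set(POSSIBLE_SEVERITIES)
        if unknown:  # reject values the API would silently ignore
            raise ValueError(f"unsupported severities: {sorted(unknown)}")
        self.severities = list(severities)
        return self

    def start_at_index(self, index: int) -> "VulnerabilityQuery":
        if index < 0:
            raise ValueError("start_at_index must be >= 0")
        self.start = index
        return self

    def get_results_and_count(self, enabled: bool = True) -> "VulnerabilityQuery":
        self.with_count = enabled
        return self

    def build(self) -> dict[str, Any]:
        filters: dict[str, Any] = {}
        if self.cve_id:
            filters["cve_id"] = self.cve_id
        if self.severities:
            filters["severity"] = self.severities
        return {
            "filters": filters,
            "start_at_index": self.start,
            "limit": self.limit,
            "get_results_and_count": self.with_count,
        }


def paginate_cve_results(post: Callable[[dict], dict], query: VulnerabilityQuery,
                         max_results: int | None = None) -> list[dict]:
    """Walk pages by offset until the server-reported total is exhausted.

    A short final page is normal and must not end the loop early; an empty
    page ends it regardless of total_count so a miscounting backend cannot
    spin us forever.
    """
    collected: list[dict] = []
    index = query.start
    while True:
        body = query.start_at_index(index).get_results_and_count(True).build()
        resp = post(body)
        page = resp.get("data", [])
        total = int(resp.get("total_count", 0))
        if not page:
            break
        collected.extend(page)
        index += len(page)  # advance by what we actually received, not by limit
        if index >= total:
            break
        if max_results is not None and len(collected) >= max_results:
            break
    return collected[:max_results] if max_results is not None else collected


# Constructed sample data standing in for the Orca backend (not real findings).
FAKE_VULNS = [
    {"cve_id": "CVE-2024-0001", "severity": "critical", "asset_unique_id": f"asset-{i}"}
    for i in range(7)
]


def fake_post(body: dict) -> dict:
    """Serve FAKE_VULNS by offset/limit; only the cve_id filter is honoured here."""
    start, limit = body["start_at_index"], body["limit"]
    wanted = body["filters"].get("cve_id")
    matches = [v for v in FAKE_VULNS if wanted is None or v["cve_id"] == wanted]
    return {"data": matches[start:start + limit], "total_count": len(matches)}


def fetch_all_for_cve(cve_id: str, max_results: int | None = None) -> list[dict]:
    query = VulnerabilityQuery().with_cve_id(cve_id).with_severity("critical", "high")
    return paginate_cve_results(fake_post, query, max_results)


if __name__ == "__main__":
    rows = fetch_all_for_cve("CVE-2024-0001")
    print(f"fetched {len(rows)} of {len(FAKE_VULNS)} findings across pages")
```

With a page size of 3 and 7 matching findings the loop issues three requests (3, 3, 1 results) and stops because the running index reaches total_count, not because a page came back short; the max_results cap is applied after the page is consumed so a partial last page is still counted correctly.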


google-cla bot commented Feb 25, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@gemini-code-assist
Contributor

Summary of Changes

Hello @viktor-orca, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request modernizes the integration with the Orca Security API for retrieving vulnerability details. By adopting a new query builder and an updated pagination strategy, the system can now fetch vulnerability data more effectively and with greater control. The changes also enhance the parsing of vulnerability information into structured objects and expand the handling of various severity levels, leading to more robust and accurate security insights.

Highlights

  • API Version Update for Vulnerability Details: The Get Vulnerability Details action has been updated to utilize the latest Orca Security API version, moving from a DSL filter-based approach to a more structured query builder.
  • New Vulnerability Query Builder: A new VulnerabilityQueryBuilder class was introduced to construct queries for the updated vulnerability API, allowing for more precise control over pagination, selected fields, and related models.
  • Enhanced Pagination Logic: The pagination mechanism for fetching vulnerability results has been completely rewritten to leverage the new API's start_at_index and get_results_and_count parameters, improving efficiency and accuracy of data retrieval.
  • Improved CVE Object Parsing: The build_cve_object method in the parser was refined to explicitly map fields from the raw API response, including nested inventory and installed package details, to the CVE object attributes.
  • Expanded Severity Mappings: The SEVERITY_MAPPING and SEVERITY_COLOR_MAPPER constants were extended to include additional severity levels like 'critical', 'high', 'medium', 'low', and 'unknown', providing more granular classification.


Changelog
  • content/response_integrations/third_party/partner/orca_security/core/OrcaSecurityManager.py
    • Imported VULNERABILITIES_MAX_LIMIT and VulnerabilityQueryBuilder.
    • Updated test_connectivity to use the new VulnerabilityQueryBuilder for payload construction.
    • Refactored get_vulnerability_results to use the new VulnerabilityQueryBuilder and _paginate_cve_results method, including error handling.
    • Renamed and completely rewrote _paginate_results to _paginate_cve_results, implementing new pagination logic with VulnerabilityQueryBuilder.
  • content/response_integrations/third_party/partner/orca_security/core/OrcaSecurityParser.py
    • Adjusted slicing in build_results for clarity.
    • Modified build_cve_object to explicitly map raw JSON fields, including nested Inventory and InstalledPackage data, to CVE object attributes.
  • content/response_integrations/third_party/partner/orca_security/core/constants.py
    • Updated the vulnerability_details endpoint to use SERVING_QUERY.
    • Expanded SEVERITY_MAPPING to include critical, high, medium, low, and unknown severities.
    • Extended SEVERITY_COLOR_MAPPER to provide color styles for the newly added severity levels.
  • content/response_integrations/third_party/partner/orca_security/core/query_builder.py
    • Added a start_at_index method to BaseQueryBuilder.
    • Introduced a new VulnerabilityQueryBuilder class with methods for setting query parameters like limit, cve_id, start_at_index, and get_results_and_count, and a build method to construct the new API payload.
Activity
  • No human activity has been recorded on this pull request yet.


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request updates the Orca Security integration to use a newer API version for fetching vulnerability details. The changes introduce a new VulnerabilityQueryBuilder, a new pagination logic, and update the parser for the new response format. While the changes are generally in the right direction, I've found a critical bug in the new pagination logic that will cause it to terminate prematurely. I've also identified a potential issue with a payload key in the new query builder that may not be correct for a JSON API. Additionally, there are a few areas for improvement regarding code simplification and adherence to the repository's style guide, particularly concerning docstrings.

@viktor-orca viktor-orca marked this pull request as ready for review March 3, 2026 16:31
@viktor-orca viktor-orca requested a review from a team as a code owner March 3, 2026 16:31

AmitJ98 commented Mar 5, 2026

Hello @viktor-orca are you part of the orca team?


github-actions bot commented Mar 5, 2026

Marketplace Validation Failed


Validation Report

🧩 Integrations
Pre-Build Stage

orca_security

Validation Name Details
⚠️ Integration Version Bump project.toml file must be updated before PR

viktor-orca (Author) commented

Hello @viktor-orca are you part of the orca team?

Hi @AmitJ98, yes I am.


github-actions bot commented Mar 5, 2026

Marketplace Validation Failed


Validation Report

🧩 Integrations
Pre-Build Stage

orca_security

Validation Name Details
⚠️ Uv Lock Error happened while executing a command: uv lock --check: Using CPython 3.11.14 interpreter at: /opt/hostedtoolcache/Python/3.11.14/x64/bin/python Resolved 34 packages in 418ms The lockfile at uv.lock needs to be updated, but --check was provided. To update the lockfile, run uv lock.


AmitJ98 commented Mar 5, 2026

Hello @viktor-orca are you part of the orca team?

Hi @AmitJ98, yes I am.

OK, so first of all you need to sign the Google CLA.
Secondly, see the validation report to resolve the failed validation (uv lock): run uv lock from your integration dir to update your uv.lock file.
See the failed linter GitHub workflow and please fix them.
