[bug] timestamp-UTC

Signed-off-by: desmax74 <[email protected]>

pkg/assembler/backends/arangodb/certifyVuln.go

@@ -113,7 +113,7 @@ func setCertifyVulnMatchValues(arangoQueryBuilder *arangoQueryBuilder, certifyVu
 	}
 	if certifyVulnSpec.TimeScanned != nil {
 		arangoQueryBuilder.filter("certifyVuln", timeScannedStr, "==", "@"+timeScannedStr)
-		queryValues[timeScannedStr] = certifyVulnSpec.TimeScanned.UTC()
+		queryValues[timeScannedStr] = certifyVulnSpec.TimeScanned
 	}
 	if certifyVulnSpec.DbURI != nil {
 		arangoQueryBuilder.filter("certifyVuln", dbUriStr, "==", "@"+dbUriStr)

pkg/assembler/backends/ent/backend/scorecard.go

@@ -182,7 +182,7 @@ func toModelScorecard(record *ent.Scorecard) *model.Scorecard {
 	return &model.Scorecard{
 		Checks:           record.Checks,
 		AggregateScore:   record.AggregateScore,
-		TimeScanned:      record.TimeScanned,
+		TimeScanned:      record.TimeScanned.UTC(),
 		ScorecardVersion: record.ScorecardVersion,
 		ScorecardCommit:  record.ScorecardCommit,
 		Origin:           record.Origin,

pkg/ingestor/parser/csaf/parser_csaf.go

@@ -293,7 +293,7 @@ func (c *csafParser) GetPredicates(ctx context.Context) *assembler.IngestPredica
 
 				if status == "known_affected" || status == "under_investigation" {
 					vulnData := generated.ScanMetadataInput{
-						TimeScanned: c.csaf.Document.Tracking.CurrentReleaseDate,
+						TimeScanned: c.csaf.Document.Tracking.CurrentReleaseDate.UTC(),
 					}
 					cv := assembler.CertifyVulnIngest{
 						Pkg:           vi.Pkg,
@@ -303,7 +303,7 @@ func (c *csafParser) GetPredicates(ctx context.Context) *assembler.IngestPredica
 					cvs = append(cvs, cv)
 				} else if status == "known_not_affected" || status == "fixed" {
 					vulnData := generated.ScanMetadataInput{
-						TimeScanned: c.csaf.Document.Tracking.CurrentReleaseDate,
+						TimeScanned: c.csaf.Document.Tracking.CurrentReleaseDate.UTC(),
 					}
 					noVuln := generated.VulnerabilityInputSpec{
 						Type: "NoVuln",

pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go

@@ -376,7 +376,7 @@ func (c *cyclonedxParser) getVulnerabilities(ctx context.Context) error {
 					cv := assembler.CertifyVulnIngest{
 						Vulnerability: vuln,
 						VulnData: &model.ScanMetadataInput{
-							TimeScanned: publishedTime,
+							TimeScanned: publishedTime.UTC(),
 						},
 						Pkg: v.Pkg,
 					}

pkg/ingestor/parser/open_vex/parser_open_vex.go

@@ -82,7 +82,7 @@ func (c *openVEXParser) Parse(ctx context.Context, doc *processor.Document) erro
 
 			if s.Status == vex.StatusAffected || s.Status == vex.StatusUnderInvestigation {
 				vulnData := generated.ScanMetadataInput{
-					TimeScanned: *openVex.Metadata.Timestamp,
+					TimeScanned: openVex.Metadata.Timestamp.UTC(),
 				}
 				cv := assembler.CertifyVulnIngest{
 					Pkg:           ingest.Pkg,

pkg/ingestor/parser/scorecard/parser_scorecard.go

@@ -116,6 +116,7 @@ func (p *scorecardParser) getPredicates(s *sc.JSONScorecardResultV2) error {
 			return err
 		}
 	}
+	timeScanned = timeScanned.UTC()
 
 	p.vcsStrings = append(p.vcsStrings, s.Repo.Name)
 	p.srcPredicates = append(p.srcPredicates, &model.SourceInputSpec{

pkg/ingestor/parser/vuln/vuln.go

@@ -105,7 +105,7 @@ func parseSubject(s *attestation_vuln.VulnerabilityStatement) ([]*generated.PkgI
 
 func parseMetadata(s *attestation_vuln.VulnerabilityStatement) *generated.ScanMetadataInput {
 	return &generated.ScanMetadataInput{
-		TimeScanned:    *s.Predicate.Metadata.ScannedOn,
+		TimeScanned:    s.Predicate.Metadata.ScannedOn.UTC(),
 		DbUri:          s.Predicate.Scanner.Database.Uri,
 		DbVersion:      s.Predicate.Scanner.Database.Version,
 		ScannerUri:     s.Predicate.Scanner.Uri,