[Discussion] Adopt OSV unified vulnerability schema for open source #576

Open
jaylinski opened this issue Jun 27, 2021 · 1 comment · May be fixed by #599


jaylinski commented Jun 27, 2021

Introduction

Google recently published its OSV unified vulnerability schema for open source: https://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html

OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source.

For open source maintainers, OSV's automation helps reduce the burden of triage. Each vulnerability undergoes automated bisection and impact analysis to determine precise affected commit and version ranges.

For open source consumers, OSV provides an API that lets users of these projects query whether or not their versions are impacted.

Discussion

I like the idea of having a unified schema for open source vulnerabilities, so I think it would be nice if this repository could adopt the new OSV schema.

I see the following benefits:

I'm looking forward to your input. :octocat:

The format change should be pretty straightforward. I'll open a PR if this proposal receives positive feedback.
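
As an added illustration (not part of the thread and not code from this repository or from OSV), the following Python sketch shows what the "is my version impacted?" question looks like against a record in the OSV schema. The record, its id, the package name `example/package` and the simplified dotted-integer version ordering are all assumptions made for the example.

```python
import re

# Constructed OSV record for illustration: id, package name and versions are
# placeholders, not a real advisory from this repository.
RECORD = {
    "id": "EXAMPLE-0000-0001",
    "affected": [{
        "package": {"ecosystem": "Packagist", "name": "example/package"},
        "ranges": [{"type": "ECOSYSTEM", "events": [
            {"introduced": "0"}, {"fixed": "2.3.5"},
            {"introduced": "2.4.0"}, {"fixed": "2.4.2"},
        ]}],
        "versions": ["1.0.0-legacy"],  # explicitly enumerated affected version
    }],
}

def parse(version):
    """Assumption: plain dotted-integer versions; pre-release suffixes are rejected."""
    if not re.fullmatch(r"\d+(\.\d+){0,3}", version):
        raise ValueError(f"unsupported version string: {version!r}")
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad so 2.4 == 2.4.0

def in_range(events, v):
    """Walk the events in version order, toggling the vulnerable state."""
    keyed = []
    for event in events:
        for kind, value in event.items():
            if kind in ("introduced", "fixed", "last_affected"):
                keyed.append((parse(value), kind))
    vulnerable = False
    for bound, kind in sorted(keyed):
        if kind == "introduced" and v >= bound:
            vulnerable = True
        elif kind == "fixed" and v >= bound:
            vulnerable = False
        elif kind == "last_affected" and v > bound:
            vulnerable = False
    return vulnerable

def is_affected(record, ecosystem, name, version):
    for entry in record.get("affected", []):
        pkg = entry.get("package", {})
        if (pkg.get("ecosystem"), pkg.get("name")) != (ecosystem, name):
            continue
        if version in entry.get("versions", []):  # exact match on listed versions
            return True
        ranges = [r for r in entry.get("ranges", []) if r.get("type") in ("ECOSYSTEM", "SEMVER")]
        if any(in_range(r["events"], parse(version)) for r in ranges):
            return True
    return False
```

The `fixed` bound is exclusive, so a consumer pinned to exactly `2.3.5` is reported as not affected, while `2.4.0` and `2.4.1` fall into the second introduced/fixed pair.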

@westonsteimel

The schema has also stabilized now per https://ossf.github.io/osv-schema/#status---2021-09-08

jaylinski added a commit to jaylinski/security-advisories that referenced this issue Nov 17, 2021
@jaylinski jaylinski linked a pull request Nov 17, 2021 that will close this issue
3 tasks
jaylinski added a commit to jaylinski/security-advisories that referenced this issue Nov 18, 2021