Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for OSV schema #217

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat: add support for OSV schema #217

wants to merge 5 commits into from

Conversation

juan131
Copy link

@juan131 juan131 commented Jan 9, 2024

Summary

As described at anchore/grype#1609, Bitnami is providing vulnerability matching data for their containers via the Bitnami Vulnerability Database repository.

This database uses the Open Source Vulnerability format (AKA OSV) and it's currently part of the aggregated OSV vulnerability database.

This PR follows up anchore/vunnel#447, adding support to grype-db to aggregate data from CVE feeds using the OSV schema.

@juan131
Copy link
Author

juan131 commented Jan 15, 2024

cc @westonsteimel @wagoodman

wagoodman
wagoodman approved these changes Feb 2, 2024
View reviewed changes
Copy link
Contributor

@wagoodman wagoodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This allows for ingesting OSV records, we can add individual DB transformer functions in a follow up PR

juan131 and others added 3 commits February 5, 2024 13:11
@juan131
feat: add support for OSV schema
0301781 
Signed-off-by: juan131 <jariza@vmware.com>
@wagoodman @juan131
fix linting
1f29a51 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@juan131
fix: go mod tidy
3f96831 
Signed-off-by: juan131 <jariza@vmware.com>
@juan131
Copy link
Author

juan131 commented Mar 12, 2024

@wagoodman sorry for the long delay on resuming this work, I've been involved in other projects these last weeks and I didn't find the time for this.

@wagoodman wagoodman added the enhancement New feature or request label Mar 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman Awaiting requested review from wagoodman

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@juan131 @wagoodman