Vinod Anandan
Currently, many advisories are missing the top-level severity data even when there may be database_specific or ecosystem_specific severity data available. OSV should use the appropriate severity value from the sources.
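The fallback the issue asks for, as an added example that is not OSV's own code: read an OSV-format record, take the schema-defined top-level `severity` when present, otherwise look in `database_specific` and `affected[].ecosystem_specific`. Those two objects are free-form in the OSV schema, so the key names checked there (`cvss`, `severity`) and the sample record are assumptions made for this example.

```python
"""Resolve a severity for an OSV record, falling back to the free-form
database_specific / ecosystem_specific objects when the top-level field
is missing (example code, not OSV's own)."""
import json

# Constructed sample record: no top-level "severity", but a CVSS vector
# under database_specific and a label under ecosystem_specific.
SAMPLE_RECORD = json.loads("""
{
  "id": "EXAMPLE-2021-0001",
  "summary": "constructed example record",
  "database_specific": {"severity": "HIGH",
                        "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
  "affected": [{"package": {"ecosystem": "PyPI", "name": "example"},
                "ecosystem_specific": {"severity": "MODERATE"}}]
}
""")


def resolve_severity(record):
    """Return (source, value) for the most authoritative severity found.

    Order: top-level "severity" (schema-defined list of {type, score}),
    then database_specific, then any affected[].ecosystem_specific.
    Returns (None, None) when nothing usable is present.
    """
    for entry in record.get("severity") or []:
        if entry.get("type") and entry.get("score"):
            return "severity", entry["score"]
    db = record.get("database_specific") or {}
    # Assumed key names: database_specific is free-form in the schema.
    for key in ("cvss", "severity"):
        if isinstance(db.get(key), str):
            return "database_specific." + key, db[key]
    for aff in record.get("affected") or []:
        eco = aff.get("ecosystem_specific") or {}
        if isinstance(eco.get("severity"), str):   # assumed key name
            return "affected[].ecosystem_specific.severity", eco["severity"]
    return None, None


def promote_severity(record):
    """Return a copy with a CVSS v3 vector found by resolve_severity copied
    into the top-level field; records that already have one, or whose only
    fallback is a plain label, come back unchanged."""
    if record.get("severity"):
        return record
    _, value = resolve_severity(record)
    if not isinstance(value, str) or not value.startswith("CVSS:3"):
        return record
    new = dict(record)
    new["severity"] = [{"type": "CVSS_V3", "score": value}]
    return new
```

A consumer that ranks findings by the top-level field alone silently treats every such advisory as unscored, which is the gap the issue describes; the promotion step makes the fallback visible in the one field that tooling actually reads.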
https://osv.dev/vulnerability/GSD-2021-1000677 The "Affected versions" and the GIT "Affected ranges" range values are available. But providing the SEMVER "Affected ranges" too will help with the enhanced affected component mapping.
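Why a SEMVER range matters to a scanner, as an added example that is not OSV's code: a dependency scanner knows the installed package version, not a commit, so a GIT range alone cannot be evaluated, while a SEMVER range (or the explicit `versions` list) can. The affected entry, its versions and commit are constructed for this example; the matching follows the OSV event semantics (affected from an `introduced` event up to but excluding the next `fixed`, or through `last_affected`), restricted to strict MAJOR.MINOR.PATCH versions.

```python
"""Match an installed package version against an OSV "affected" entry
(example code, not OSV's own). Only SEMVER ranges and the explicit
"versions" list can be evaluated from a version string; GIT ranges are
reported as not evaluable."""
import json

# Constructed sample: one affected entry carrying both a GIT range and the
# SEMVER range the issue asks for. Versions and the commit are invented.
SAMPLE_AFFECTED = json.loads("""
{
  "package": {"ecosystem": "npm", "name": "example-lib"},
  "ranges": [
    {"type": "GIT", "repo": "https://example.invalid/example-lib",
     "events": [{"introduced": "0"}, {"fixed": "deadbeef"}]},
    {"type": "SEMVER",
     "events": [{"introduced": "0"}, {"fixed": "1.2.3"},
                {"introduced": "2.0.0"}, {"fixed": "2.0.5"}]}
  ]
}
""")


def parse_semver(v):
    """Strict MAJOR.MINOR.PATCH to a comparable tuple; "0" is the lowest
    version. Pre-release and build metadata are not handled (assumption)."""
    if v == "0":
        return (0, 0, 0)
    parts = v.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("not a strict semver: %r" % v)
    return tuple(int(p) for p in parts)


def semver_intervals(events):
    """Turn an OSV event list into (lo, hi, inclusive) intervals.
    hi is None for an open-ended range; inclusive marks last_affected."""
    def key(ev):
        name = next(iter(ev))
        return (parse_semver(ev[name]), 0 if name == "introduced" else 1)
    intervals, lo = [], None
    for ev in sorted(events, key=key):
        if "introduced" in ev:
            lo = parse_semver(ev["introduced"])
        elif "fixed" in ev and lo is not None:
            intervals.append((lo, parse_semver(ev["fixed"]), False))
            lo = None
        elif "last_affected" in ev and lo is not None:
            intervals.append((lo, parse_semver(ev["last_affected"]), True))
            lo = None
    if lo is not None:
        intervals.append((lo, None, False))
    return intervals


def is_affected(affected, version):
    """True/False when the entry has SEMVER ranges or a versions list;
    None when it only carries ranges (e.g. GIT) this check cannot use."""
    v = parse_semver(version)
    evaluable = "versions" in affected
    if version in affected.get("versions", []):
        return True
    for rng in affected.get("ranges", []):
        if rng.get("type") != "SEMVER":
            continue
        evaluable = True
        for lo, hi, inclusive in semver_intervals(rng["events"]):
            if v < lo:
                continue
            if hi is None or v < hi or (inclusive and v == hi):
                return True
    return False if evaluable else None
```

The `None` result is the practical consequence of a GIT-only entry: the scanner has to treat the package as unknown rather than clean, which is exactly the mapping gap the added SEMVER range closes.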
The users may want to mirror the OSV batch data to improve the performance on both sides. If the OSV API can provide batch data similar to the one from...
More Information : https://github.blog/2020-09-30-code-scanning-is-now-available/
#### What would you like to be added: Provide support and generate CycloneDX SBOM. #### Why is this needed: OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard...
The known vulnerabilities inherited from the use of third-party and open source software and the exploitability of the vulnerabilities can be communicated with CycloneDX. Previously unknown vulnerabilities affecting both components...
Could you please generate the ecosystems.txt in the root that would contain a list of all the ecosystems currently in OSV, from which users can construct URLs to download all...
We should publish the Bill of Materials (BOM) files to the Artifact repository along with the Java Archive (JAR) file, similar to how it's done with the Maven plugin." (...
Currently, the CycloneDX Gradle plugin is not capturing the build input task name and extra build arguments in the BOM; we should also capture them in "properties" ( https://cyclonedx.org/docs/1.5/json/#properties ) similar...
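What the two CycloneDX requests above would look like in a BOM, as an added fragment that is not output of the CycloneDX Gradle plugin or any other project: the `properties` list under `metadata` carries the build task name and extra arguments, and a `vulnerabilities` entry carries the known vulnerability together with an `analysis` block stating its exploitability. The property names (`cdx:gradle:buildTask`, `cdx:gradle:buildArgs`), the component, and the vulnerability identifiers are invented for this example; `properties`, `vulnerabilities[]`, `analysis.state` and `analysis.justification` are fields of the CycloneDX 1.5 JSON schema.

```json
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "metadata": {
    "component": {"type": "application", "name": "example-app", "version": "1.0.0"},
    "properties": [
      {"name": "cdx:gradle:buildTask", "value": "cyclonedxBom"},
      {"name": "cdx:gradle:buildArgs", "value": "-PincludeTestConfigs=false --no-daemon"}
    ]
  },
  "components": [
    {"type": "library", "bom-ref": "pkg:maven/org.example/example-lib@2.3.4",
     "group": "org.example", "name": "example-lib", "version": "2.3.4",
     "purl": "pkg:maven/org.example/example-lib@2.3.4"}
  ],
  "vulnerabilities": [
    {
      "id": "EXAMPLE-2021-0001",
      "source": {"name": "OSV", "url": "https://osv.dev/vulnerability/EXAMPLE-2021-0001"},
      "affects": [{"ref": "pkg:maven/org.example/example-lib@2.3.4"}],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "detail": "The vulnerable code path is never invoked by example-app."
      }
    }
  ]
}
```

Recording the task and arguments makes a BOM reproducible: a consumer can tell whether test-only configurations were excluded, which changes which components (and therefore which vulnerabilities) the document claims to cover.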