
Ingesting of Drupal advisory database

Open • G-Rath opened this issue 1 month ago • 0 comments

We've been working with the Drupal community and OSV team to have Drupal advisories published in OSV format and ingested into osv.dev, with the database living here: https://github.com/DrupalSecurityTeam/drupal-advisory-database

We've recently gotten the database ingested into the test instance of osv.dev, and plan to have it moved to production ideally at the start of December.

I wanted to check if there is anything else needed to have GitHub use these advisories for tools like dependabot, or if having the advisories ingested into osv.dev is enough.

Note that while the database is not currently in production, we believe the advisories are stable and suitable to be used in production.

G-Rath, Nov 18 '25 21:11