osv.dev
osv.dev copied to clipboard
google
Missing PURL converters
We've added a few OSV ecosystems without adding PURL conversions for them.
Ecosystems that don't have corresponding PURL entries (And their known purl type):
- [ ]
AlmaLinux - [ ]
Android - [ ]
Bioconductor - [x]
Bitnami(bitnami) - [x]
Chainguard(apk/chainguard) - [ ]
ConanCenter(conan) - [ ]
CRAN(cran) - [ ]
GHC - [ ]
GitHub Actions(github?) - [ ]
Linux - [ ]
Photon OS - [x]
Rocky Linux - [x]
SwiftURL(swift) (thanks @sschuberth!) - [x]
Ubuntu(deb/ubuntu) - [x]
Wolfi(apk/wolfi)
Some of the OSV records have PURLs already because the data source provides them (e.g. Bitnami, Chainguard & Wolfi)
I think we need to come up with some way to make sure we always have these, and explicitly define ecosystems with no PURL equivalents.
I think we need to come up with some way to make sure we always have these, and explicitly define ecosystems with no PURL equivalents.
I'm trying to pull together a checklist for onboarding a new data source, the closest thing to date is https://github.com/google/osv.dev/issues/2252#issuecomment-2138754180 but I was completely unaware of this functionality being a thing until now, so this also needs to be added.
This issue has not had any activity for 60 days and will be automatically closed in two weeks
See https://github.com/google/osv.dev/blob/master/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
:sparkles: Thank you for your interest in OSV.dev's data quality! :sparkles:
Please review our FAQ entry on how to most efficiently have this addressed.
related discussion: https://github.com/google/osv.dev/pull/2900#discussion_r1861438920
