Holly Gong

Results 46 comments of Holly Gong

Thanks @G-Rath! It looks really nice! I tested it on container scanning, and the vertical results are much clearer than table ones. Adding some suggestions to further improve the display...

@G-Rath you are right, this is just an initial PR, we should probably not add too many new features to this. I will address the container scanning output format in...

@G-Rath Is this the call analysis output that you are looking for: https://github.com/google/osv-scanner/blob/4a3375f3b7046a791d0d1d370d559caa3c02c132/cmd/osv-scanner/__snapshots__/main_test.snap#L479

> why would you want to combine CVE entries?

The initial reason was that [Alpine SecDB](https://storage.googleapis.com/cve-osv-conversion/index.html?prefix=osv-output/) uses [CVE IDs](https://security.alpinelinux.org/vuln/CVE-2024-6197) to publish their vulnerabilities. So, we created a [tool](https://github.com/google/osv.dev/tree/master/vulnfeeds/cmd/combine-to-osv) to combine...

> Thanks for clarifying it, and would the prefix also be necessary for the filename itself? Or could we have a filename CVE-2024-0001.json and inside of it `id = "UBTU-CVE-2024-0001"`?...

> The only thing to confirm is which should be the prefix, Ubuntu-, UBUNTU-, UBTU-?

Thanks for confirming! We prefer `UBUNTU-` to align with our current naming schema. Same as...

Hey @dodys, I have two questions about Ubuntu CVE OSV records ([ubuntu-security-notices](https://github.com/canonical/ubuntu-security-notices/tree/main)/[osv](https://github.com/canonical/ubuntu-security-notices/tree/main/osv)). First, I'm curious why some affected packages lack the [`ubuntu_priority`](https://git.launchpad.net/ubuntu-cve-tracker/tree/README#n257) field. This field is from the vulnerability level...

> Does that help clarify?

Thanks Eduardo! It's very detailed and helpful! Having all the `ubuntu_priority` info should be sufficient for us, especially considering you've already helped us filter out...

> I forgot to ask one thing, Holly. For the USN data, should we change the related field to refer to the `UBUNTU-CVE-...` or should we keep it as `CVE-...`?...

Hey @dodys, thanks for the Ubuntu CVE updates! It looks good overall. One thing to mention is the `aliases`/`related` part. I noticed that `CVEs-` are added as [aliases](https://github.com/canonical/ubuntu-security-notices/blob/46414772b8339868f1641dc40a47469d0bf24c55/osv/cve/2016/UBUNTU-CVE-2016-5542.json#L6) to `UBUNTU-CVE-`,...