devguard icon indicating copy to clipboard operation
devguard copied to clipboard
verified publisher icon l3montree-dev

Integrate malicious package database into vulndb

Open timbastin opened this issue 8 months ago • 1 comments

https://github.com/ossf/malicious-packages

I think we can just download the repo zip and iterate over all packages - like we do for the osv in general.

timbastin avatar Apr 21 '25 12:04 timbastin

The solution should be even simpler. We are already synchronising the osv database. It does provide "MAL-*.json" files. I think currently we filter those and only save cves.

timbastin avatar Apr 21 '25 12:04 timbastin

Closing as duplicated: https://github.com/l3montree-dev/devguard/issues/53

seb-kw avatar Oct 31 '25 15:10 seb-kw