vulnerablecode icon indicating copy to clipboard operation
vulnerablecode copied to clipboard
verified publisher icon nexB

Ingest pub data through Github api

Open shravankshenoy opened this issue 1 year ago • 5 comments

Fixes #1039

Changes Made

Modified github.py importer to ingest pub data and added test files

Other Considerations

The Github Advisory Database has very few advisories for Pub (https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apub), hence one can see all of those in the pub_expected.json test file (just helps in case anyone wants to do an additional round of manual check with the source database)

shravankshenoy avatar Feb 12 '24 08:02 shravankshenoy

@shravankshenoy we need univers support for pub, see https://github.com/nexB/univers

TG1999 avatar Feb 26 '24 18:02 TG1999

@shravankshenoy we need univers support for pub, see https://github.com/nexB/univers

Thanks @TG1999 for sharing this. I went through the official pubspec documents (https://dart.dev/tools/pub/pubspec) to understand how versioning works in Dart, and I believe Dart follows semantic versioning (ref https://dart.dev/tools/pub/pubspec#version). However, I would like to learn a bit of Dart so that I can understand the docs better. Post that, I will try to create a PR in univers which supports pub. Until then I will convert this PR to a draft.

Moreover, since Rust/Cargo is supported in both purl spec and univers, I will create a similar PR for Rust which fixes #1039 . Hope that works

shravankshenoy avatar Feb 27 '24 13:02 shravankshenoy

@shravankshenoy :bow: , IMO you don't need to learn dart for adding pub support in univers.

TG1999 avatar Feb 27 '24 13:02 TG1999

@shravankshenoy 🙇 , IMO you don't need to learn dart for adding pub support in univers.

Got it :sweat_smile: Will try to create the PR to support pub on univers then.

shravankshenoy avatar Feb 27 '24 15:02 shravankshenoy

@shravankshenoy please rebase this PR!

TG1999 avatar Jul 22 '24 15:07 TG1999