-
**Describe the bug**
Not sure if I'm actually missing something, but I'm getting a timeout when running:
```
$ curl -d '{"package": {"name": "linux-oracle-5.15", "ecosystem": "Ubuntu:20.04:LTS"}, "…
dodys updated
1 month ago
-
The Scorecard weekly cron makes many API calls to osv.dev. The OSV team asked if we specify a unique user agent, and we don't.
It would be good to set one. There is a `RequestUserAgent ` variable we …
-
**Problem statement:**
Today, [`affected[].versions`](https://ossf.github.io/osv-schema/#affectedversions-field) enumeration only occurs during the import of an OSV record.
#1987 has identified …
-
See #510
Would be a breaking change so saved for V2.
-
I havent had a real problem with this, so maybe this is a non-issue, already handled somehow within osv-scanner.
That said, this feels like it is a problem with using `osv-scanner --lockfile Cargo.…
-
Currently the SARIF output includes a psuedo path to `osv-scanner.toml` which is always Unix based even on Windows:
https://github.com/google/osv-scanner/blob/a2c1602cf10816b5ff81d9e03572ba11dbb15a…
-
Currently OSV-Scanner does not support `pyproject.toml` files.
Example: https://github.com/huggingface/datatrove/blob/main/pyproject.toml
I am not familiar with how many projects use a `pyprojec…
-
**Describe the bug**
Some vulnerabilities in OSV do not mention alias whereas the source link has alias data.
**To Reproduce**
https://vuln.go.dev/ID/GO-2024-2947.json mentions two aliases wherea…
-
Have a consistent theme between osv.dev, https://google.github.io/osv-scanner/ (osv-scanner docs), https://google.github.io/osv.dev/ (osv.dev docs), https://ossf.github.io/osv-schema/ (osv-schema)
-
An interesting conversation today spawned the idea of providing OSV data via a BigQuery Public Dataset.
Apparently there's a path from Cloud Data Store to BigQuery. Something to explore further in …