NuGet / Home

Repo for NuGet Client issues
Other
1.5k stars 252 forks source link

[Feature] Allow vulnerability auditing from OSV .json feeds #13684

Open JonDouglas opened 2 months ago

JonDouglas commented 2 months ago

NuGet Product(s) Involved

NuGet SDK

The Elevator Pitch

I should be able to override or append to the NuGet vulnerability auditing functionality a feed that I'd like to check for vulnerabilities with.

This feed is typically an OSV .json format - https://ossf.github.io/osv-schema/

The use case for this could be companies that have not yet disclosed vulnerabilities but would like to audit them internally or for customers to use other feeds they prefer.

Additional Context and Details

No response

Nigusu-Allehu commented 2 months ago

Is it any different from https://github.com/NuGet/Home/issues/12975 ?

JonDouglas commented 2 months ago

They are related. This one is more related to standalone OSV .json feeds: https://github.com/NuGet/Home/pull/12918#discussion_r1356720562