google / osv.dev

Open source vulnerability DB and triage service.
https://osv.dev
Apache License 2.0

Document the treatment of the GIT ecosystem #2329

Open yashrsharma44 opened 1 week ago

yashrsharma44 commented 1 week ago

Describe the bug

While checking the zip file which contains all the vulns in the feed, some of them are missing from the zip file. For instance -

GSD-2022-1001781

I can see them in the feed - https://osv-vulnerabilities.storage.googleapis.com/GIT/GSD-2022-1001781.json, but for some reason, they are missing from the zip file

To Reproduce

Steps to reproduce the behaviour: Already shared in the error description

Expected behaviour

Vulnerability should be present

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.

andrewpollock commented 1 week ago

This recently confused me as well and there's an opportunity here to make the handling of this clearer in the documentation, and perhaps even as a README embedded in the zip file itself, to ensure discoverability...

Basically, the GIT ecosystem is a "synthetic" ecosystem, conditionally added at import time:

https://github.com/google/osv.dev/blob/f860e739edb857eb5d7af32f3c28943f9565e9fd/osv/models.py#L378-L387

If you look at https://osv-vulnerabilities.storage.googleapis.com/GIT/GSD-2022-1001781.json, you'll note the ecosystem named there is Linux, so because there's already an ecosystem present, one isn't synthesized for this record.

In other words, you'll find this particular record in the Linux ecosystem export, not the GIT one, which I agree is somewhat weird and violates the principle of least surprise. Apologies for this user experience.
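The routing rule described in the comment above, as an added illustration that is not osv.dev's own code (the linked `models.py` lines are the authoritative implementation). It assumes the behaviour as stated here: an ecosystem named on an affected package determines the export a record lands in, and the synthetic `GIT` ecosystem is assigned only when a record carries GIT ranges and names no package ecosystem at all. The `<ecosystem>/all.zip` layout, the `EXAMPLE-*` IDs and all record contents are constructed for the example.

```python
"""Route OSV records into per-ecosystem exports (added illustration).

Not osv.dev's code. Follows the behaviour described in the issue: a named
package ecosystem wins, and "GIT" is only synthesized for records that have
GIT ranges and no package ecosystem.
"""
from collections import defaultdict


def export_ecosystems(record: dict) -> set[str]:
    """Return the set of ecosystem exports a record would appear in."""
    ecosystems: set[str] = set()
    has_git_range = False
    for affected in record.get("affected", []):
        package = affected.get("package") or {}
        if package.get("ecosystem"):
            ecosystems.add(package["ecosystem"])
        for rng in affected.get("ranges", []):
            if rng.get("type") == "GIT":
                has_git_range = True
    # Synthetic ecosystem: assigned only when nothing else claimed the record.
    if not ecosystems and has_git_range:
        ecosystems.add("GIT")
    return ecosystems


def export_paths(record: dict) -> list[str]:
    """Assumed bucket layout: one all.zip per ecosystem export."""
    return [f"{eco}/all.zip" for eco in sorted(export_ecosystems(record))]


def partition_exports(records: list[dict]) -> dict[str, list[str]]:
    """Group record IDs by the export each one lands in."""
    exports: dict[str, list[str]] = defaultdict(list)
    for record in records:
        for eco in sorted(export_ecosystems(record)):
            exports[eco].append(record["id"])
    return dict(exports)


# Constructed sample records, reduced to the fields the routing logic reads.
SAMPLE_RECORDS = [
    {   # mirrors the record discussed in the issue: Linux ecosystem plus a GIT range
        "id": "GSD-2022-1001781",
        "affected": [{
            "package": {"ecosystem": "Linux", "name": "Kernel"},
            "ranges": [{"type": "GIT", "repo": "https://example.invalid/kernel.git"}],
        }],
    },
    {   # constructed ID: GIT range only, no package ecosystem -> synthetic GIT
        "id": "EXAMPLE-0001",
        "affected": [{"ranges": [{"type": "GIT", "repo": "https://example.invalid/repo.git"}]}],
    },
    {   # constructed ID: version range with a named ecosystem, no GIT range
        "id": "EXAMPLE-0002",
        "affected": [{
            "package": {"ecosystem": "PyPI", "name": "examplepkg"},
            "ranges": [{"type": "ECOSYSTEM"}],
        }],
    },
]


if __name__ == "__main__":
    for eco, ids in partition_exports(SAMPLE_RECORDS).items():
        print(f"{eco}/all.zip -> {ids}")
```

Running it shows the GSD record routed to `Linux/all.zip` and absent from `GIT/all.zip`, which is exactly the case that tripped up both participants: a consumer that wants every record with a GIT range has to walk the other ecosystem exports too, not just `GIT`.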

yashrsharma44 commented 1 week ago

Ahh, didn't know about the assumption that the GIT feed doesn't contain feeds from the "Linux" ecosystem. Thanks for letting me know!

yashrsharma44 commented 1 week ago

Keeping this open for tracking the documentation issue, though.