Open yashrsharma44 opened 1 week ago
This recently confused me as well and there's an opportunity here to make the handling of this clearer in the documentation, and perhaps even as a README embedded in the zip file itself, to ensure discoverability...
Basically, the GIT
ecosystem is a "synthetic" ecosystem, conditionally added at import time:
If you look at https://osv-vulnerabilities.storage.googleapis.com/GIT/GSD-2022-1001781.json, you'll note the ecosystem
named there is Linux
, so because there's already an ecosystem
present, one isn't synthesized for this record.
In other words, you'll find this particular record in the Linux
ecosystem export, not the GIT one, which I agree is somewhat weird and violates the principle of least surprise. Apologies for this user experience.
Ahh, didn't knew about the assumption, that GIT feed doesn't contain feeds from "Linux" ecosystem. Thanks for letting me know!
Keeping this open, for tracking the documentation issue though.
Describe the bug
While checking the zip file which contains all the vulns in the feed, some of them are missing from the zip file. For instance -
I can see them in the feed - https://osv-vulnerabilities.storage.googleapis.com/GIT/GSD-2022-1001781.json, but for some reason, they are missing from the zip file
To Reproduce Steps to reproduce the behaviour: Already shared in the error description
Expected behaviour Vulnerability should be present Screenshots If applicable, add screenshots to help explain your problem.
Additional context Add any other context about the problem here.