search

google / osv.dev

Open source vulnerability DB and triage service.
https://osv.dev
Apache License 2.0
1.49k stars 186 forks source link

Support git-lfs for git sources. #2647

Open oliverchang opened 4 days ago

oliverchang commented 4 days ago

Currently, we don't support git-lfs when checking out git sources.

E.g. https://github.com/jasinner/redhat-osv (at time of writing) uses git-lfs, and we're failing to import them with logs like:

Failed to parse RHSA-2022:0146.json: Expecting value: line 1 column 1 (char 0)
oliverchang commented 4 days ago

@jasinner FYI! Is there any possibility you'd be able to add the Red Hat data to https://github.com/jasinner/redhat-osv without using git-lfs ?

andrewpollock commented 4 days ago

We've been discussing this, and arrived at https://github.com/google/osv.dev/pull/2645 while their REST API goes live.

oliverchang commented 4 days ago

We've been discussing this, and arrived at #2645 while their REST API goes live.

My bad, missed that.