google / osv.dev

Open source vulnerability DB and triage service.
https://osv.dev
Apache License 2.0
1.49k stars 186 forks

Import container/helm vulnerabilities from ArtifactHub.io #2666

Open taraspos opened 5 days ago

taraspos commented 5 days ago

Is your feature request related to a problem? Please describe.

Currently, osv.dev doesn't have much information about container image vulnerabilities.

At the same time, Artifacthub.io runs trivy to scan container images^1, so it would be great to be able to see vulnerability information collected by Artifacthub in osv.dev.

Describe the solution you'd like

Integrate Artifacthub as a data source for vulnerabilities using the Security Report API^2

Describe alternatives you've considered

Fetching vulnerability information directly from the ArtifactHub API^2

Additional context

andrewpollock commented 3 days ago

Thanks for the endorsement and for raising this with Artifacthub.io as well. We're largely dependent on them choosing to publish OSV records before we can move this forward...