nexB / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io
Apache License 2.0

Collect advisories for AlmaLinux #1201

Open mjherzog opened 1 year ago

mjherzog commented 1 year ago

AlmaLinux (CentOS successor) has its own listing of applicable OSV advisories at: https://github.com/AlmaLinux/osv-database/tree/master/advisories. We may want to add these to VulnerableCode.

ambuj-1211 commented 4 months ago

@mjherzog If this one is free I am working on it.

ziadhany commented 2 months ago

@ambuj-1211 AlmaLinux uses the OSV schema, and we have a script to handle OSV. You should use this script instead of writing the importer from scratch: https://github.com/nexB/vulnerablecode/blob/4a6734b1bbaa8df6fd816f3eb4fd843a88c1ecec/vulnerabilities/importers/osv.py

And try to have a look at similar importers: https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/importers/github_osv.py https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/importers/oss_fuzz.py

ambuj-1211 commented 2 months ago

> @ambuj-1211 AlmaLinux uses the OSV schema, and we have a script to handle OSV. You should use this script instead of writing the importer from scratch: https://github.com/nexB/vulnerablecode/blob/4a6734b1bbaa8df6fd816f3eb4fd843a88c1ecec/vulnerabilities/importers/osv.py
>
> And try to have a look at similar importers: https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/importers/github_osv.py https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/importers/oss_fuzz.py

Okay @ziadhany