ossf / osv-schema

Open Source Vulnerability schema.
https://ossf.github.io/osv-schema/
Apache License 2.0

tools: import a conversion tool to and from VuXML #237

Open khorben opened 6 months ago

khorben commented 6 months ago

This is relevant to FreeBSD's ports, and possibly to any other project using the VuXML format in order to track vulnerabilities. (http://vuxml.freebsd.org)

The objective is to help FreeBSD offer security advisories in the OSV format, for ports first but possibly also for base components in the future. The corresponding ecosystem string (most likely FreeBSD) will be requested in a dedicated pull request.

Sponsored by: The FreeBSD Foundation

andrewpollock commented 1 week ago

Hi @khorben, this is exciting progress. I can review this from the OSV side of things. Is there a VuXML SME who can review that side of things?

Also, if you look at tools/redhat for inspiration, having some test data to validate behaviour is also helpful.