Comments (4)
oliverchang
commented on August 22, 2024
1
We indeed have the tooling necessary to collect all the GHSA entries: https://github.com/ossf/osv-schema/tree/main/tools/ghsa and will soon have a GCS bucket that contains these continuously updated. It can certainly be a useful additional point of reference for our matcher!
from osv.dev.
di
commented on August 22, 2024
See pypa/advisory-database#65 for an example of where collecting the GHSA entries would ensure advisory databases are more up-to-date.
from osv.dev.
G-Rath
commented on August 22, 2024
@di unfortunately GHSA doesn't have everything either - see github/advisory-database#115 for an example of that.
(not to discourage you or anything, as I think its still a good idea - I just want to raise awareness that currently the GHSA entiries are not entirely up-to-date 😥)
from osv.dev.
westonsteimel
commented on August 22, 2024
We could probably start by just using the data from https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip since the python GHSA info is included there now and is already in OSV format.
from osv.dev.
Related Issues (20)
- Data Quality issue with GHSA-w9jx-4g6g-rp7x HOT 1
- GHSA-c5pj-mqfh-rvc3 Still in osv HOT 3
- Data quality issue with 2016/2017 Ruby CVEs HOT 4
- Grouping multiple unrelated Git repos into a single "affected" entry is confusing HOT 7
- Failed to hydrate an OSV response due to an unexpected severity type format HOT 3
- Incorrect tooltip text on osv.dev when starting affected version is 0
- OSV API Response is Inconsistent with Schema HOT 2
- eze-cli homepage return 404
- Missing fixed attribute in libucl bug HOT 14
- Data quality issue with CVE-2024-38356 & CVE-2024-38357 HOT 1
- Haskell GHC ecosystem enumeration broken
- CVSS severities are never validated HOT 1
- Always return the upstream aliases when no alias groups are generated HOT 12
- Data quality issue with CVE-2023-34055 HOT 7
- Request vulnerability of multiple package in the same request HOT 4
- Failed to enumerate versions for some Debian packages HOT 1
- Data quality issue with GO-2024-2521 HOT 4
- Data quality issue with PYSEC-2024-60 HOT 2
- Support API queries for non-enumerated ecosystems
- Missing PURL converters HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from osv.dev.