feat(osv): add osv support #161
Conversation
pkg/vulnsrc/osv/osv.go
Outdated
| } | ||
| } | ||
|
|
||
| func MustParse(layout, value string) *time.Time { |
There was a problem hiding this comment.
made it private
pkg/vulnsrc/osv/osv_test.go
Outdated
| }, | ||
| }, | ||
| { | ||
| name: "single range version and references Go", |
There was a problem hiding this comment.
Could you name it better?
There was a problem hiding this comment.
changed test names
pkg/vulnsrc/osv/osv.go
Outdated
| Rust = "crates.io" | ||
| ) | ||
|
|
||
| var defaultEcosystem = []ecosystem{ |
There was a problem hiding this comment.
consider using map here this way getEcoSystem() won't be required
There was a problem hiding this comment.
also variable name should be in plural form
There was a problem hiding this comment.
made map, remove getEcoSystem()
pkg/vulnsrc/osv/osv.go
Outdated
| } | ||
|
|
||
| func (vs VulnSrc) Name() string { | ||
| switch vs.ecosystem.name { |
There was a problem hiding this comment.
add vulnerability.OsvPyPI, vulnerability.OsvGo and vulnerability.OsvCratesio as separate property to defaultEcosystems map entries above. Get entry and return that property when name is required
There was a problem hiding this comment.
added new field in ecosystem, changed Name()
pkg/vulnsrc/osv/osv.go
Outdated
| return ecosystem{} | ||
| } | ||
|
|
||
| func (vs VulnSrc) Get(pkgName string) ([]types.Advisory, error) { |
There was a problem hiding this comment.
this is very similar to
https://github.com/aquasecurity/trivy-db/blob/main/pkg/db/advisory.go#L23
There was a problem hiding this comment.
used GetAdvisories
There was a problem hiding this comment.
after latest trivy change it may be not required at all
pkg/vulnsrc/osv/osv.go
Outdated
| return ecosystem{} | ||
| } | ||
|
|
||
| func (vs VulnSrc) Get(pkgName string) ([]types.Advisory, error) { |
There was a problem hiding this comment.
after latest trivy change it may be not required at all
pkg/vulnsrc/osv/osv.go
Outdated
| } | ||
|
|
||
| type VulnSrc struct { | ||
| ecosystem ecosystem |
There was a problem hiding this comment.
should it be reference?
func Get removed, ecosystem is pointer now
pkg/vulnsrc/osv/osv.go
Outdated
|
|
||
| const ( | ||
| osvDir = "osv" | ||
| platformFormat = "%s::Osv Security Advisories" |
There was a problem hiding this comment.
You can this function.
trivy-db/pkg/vulnsrc/bucket/bucket.go
Line 16 in 3c60651
There was a problem hiding this comment.
used this function
pkg/vulnsrc/osv/osv.go
Outdated
| "github.com/aquasecurity/trivy-db/pkg/types" | ||
| "github.com/aquasecurity/trivy-db/pkg/utils" | ||
| "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" | ||
| vtypes "github.com/aquasecurity/vuln-list-update/osv" |
There was a problem hiding this comment.
Please don't depend on vuln-list-udpate. You can define a new struct having necessary fields only.
|
Hello @knqyf263 ! |
Description
Support OSV format
https://ossf.github.io/osv-schema/#python-vulnerability
Blockers