diff --git a/README.md b/README.md index 29c2f65b96f..1352aa7bce6 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,19 @@ # OSV - Open Source Vulnerabilities -OSV is a [vulnerability database] and triage infrastructure for open source -projects aimed at helping both open source maintainers and consumers of open -source. +[osv.dev] is a [vulnerability database] and triage infrastructure for +open source projects aimed at helping both open source maintainers and +consumers of open source. -For open source maintainers, OSV's automation helps reduce the burden of triage. -Each vulnerability undergoes automated bisection and impact analysis to -determine precise affected commit and version ranges. +This repository contains the infrastructure code that serves [osv.dev] +(and other user tooling). This infrastructure serves as an aggregator of +vulnerability databases that have adopted the +[OpenSSF Vulnerability format](https://github.com/ossf/osv-schema). -For open source consumers, OSV provides an API that lets users of these projects -query whether or not their versions are impacted. +[osv.dev] additionally provides infrastructure to ensure affected +versions are accurately represented in each vulnerability entry, through +bisection and version analysis. +[osv.dev]: https://osv.dev [vulnerability database]: https://osv.dev/list
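Review bot: the rewritten intro in this README hunk loses precision relative to the text it removes: the old paragraph said bisection and impact analysis "determine precise affected commit and version ranges", the new one says only "through bisection and version analysis", so the commit-range result (which is what bisection actually produces) is no longer stated; consider "affected commit and version ranges are accurately represented". The parenthetical in "the infrastructure code that serves [osv.dev] (and other user tooling)" is ambiguous about whether the repository contains other user tooling or the infrastructure serves it; spell out which is meant. Minor: the removed sentence about the API ("OSV provides an API that lets users of these projects query whether or not their versions are impacted") was the intro's only mention of the consumer-facing API, which the "## This repository" section still lists as `gcp/api`; a one-line mention in the intro would keep the two in step.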

@@ -19,9 +22,9 @@ query whether or not their versions are impacted. ## Current data sources **This is an ongoing project.** We encourage open source ecosystems to adopt -the [OpenSSF Vulnerability format](https://github.com/ossf/osv-schema) for the -benefit of the open source community. See our -[blog post](https://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html) +the [OpenSSF Vulnerability format](https://github.com/ossf/osv-schema) to enable +open source users to easily aggregate and consume vulnerabilities across all ecosystesm. +See our [blog post](https://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html) for more details. The following ecosystems have vulnerabilities encoded in this format: @@ -72,7 +75,8 @@ You can find an overview of OSV's architecture [here](docs/architecture.md). ## This repository -This repository contains all the code for running OSV on GCP. This consists of: +This repository contains all the code for running https://osv.dev on GCP. This +consists of: - API server (`gcp/api`) - Web interface (`gcp/appengine`) diff --git a/docs/images/diagram.png b/docs/images/diagram.png index af485469a3a..22577bc3e4a 100644 Binary files a/docs/images/diagram.png and b/docs/images/diagram.png differ diff --git a/gcp/appengine/frontend/src/components/Home.vue b/gcp/appengine/frontend/src/components/Home.vue index 836097cc7ae..20cfeb7affb 100644 --- a/gcp/appengine/frontend/src/components/Home.vue +++ b/gcp/appengine/frontend/src/components/Home.vue @@ -23,29 +23,30 @@
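Review bot: typo in the added line of the "## Current data sources" hunk: "across all ecosystesm" should be "across all ecosystems". In the "## This repository" hunk, "running https://osv.dev on GCP" uses a bare URL while the intro hunk introduces the reference-style link "[osv.dev]"; use "[osv.dev]" here as well for consistency. The docs/images/diagram.png change is binary and cannot be reviewed from the patch, so the commit description should say what in the architecture diagram changed.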

Database for open source vulnerabilities

- OSV is a vulnerability database + OSV.dev is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source.

- This feed contains vulnerabilities from + This infrastructure serves as an aggregator of vulnerabilities from OSS-Fuzz (mostly C/C++), Python, and Go, and Rust, and GSD, and - npm (from GitHub Security Advisories). - - More to come. + parts of GitHub Security Advisories (Maven, npm). +

+

+ These databases have all adopted the + OpenSSF Open Source + Vulnerability format, making common tooling and aggregation very + simple. More data sources from other popular ecosystems are in the works.

API

For open source consumers, OSV provides an API that lets users query whether or not their versions are impacted. - - These vulnerabilities are encoded in the - OpenSSF Open Source Vulnerability format.

         curl -X POST -d \
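Review bot: the added data-sources sentence in this Home.vue hunk keeps the conjunction chain from the old text, "Python, and Go, and Rust, and GSD, and parts of GitHub Security Advisories (Maven, npm)"; since the line is being rewritten anyway, make it a comma-separated list with a single "and" before the last item. "OSV.dev" in the added first paragraph differs from the "[osv.dev]" spelling introduced in the README hunk of the same patch; pick one casing for the site name. Also, "making common tooling and aggregation very simple" reads as a marketing claim; "making it possible to build common tooling and aggregate across ecosystems" states the same point more precisely.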
@@ -69,7 +70,8 @@
       

Open source

- This is an open source project from Google. + This is an open source project. + We welcome contributions!

More information
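Review bot: the added "We welcome contributions!" line gives the reader nowhere to go; since the README in this same patch describes the repository as containing all the code for running osv.dev on GCP, link the repository from this sentence, or place the invitation under the "More information" heading that follows.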