Register HSEC database and Hackage ecosystem in osv-schema #4
Assignees
Comments
|
Once the system is in place, we should also create an issue for https://github.com/github/advisory-database#sources . |
|
I propose registering:
|
|
Working on this right now, will have a PR by end of week |
|
PR was merged: ossf/osv-schema#157 But the updates have not been "released". And we still need to give some examples. So I guess we leave this open for now. |
|
Everything is done on the osv.dev side (google/osv.dev#1463). Probably we just need to add some examples to the osv-schema repo, and then we can close this. |
|
Yeah, I have left some TODOs there, I'll take care of them during this weekend. |
mihaimaruseac
added a commit
to mihaimaruseac/osv-schema
that referenced
this issue
Aug 23, 2023
I had left 2 TODOs to add JSON examples. Filling them now (will redo the GHC one when we get a real GHC issue) and closing haskell/security-advisories#4. Signed-off-by: Mihai Maruseac <mihai.maruseac@gmail.com>
|
Closed accidentally due to the way I set-up the upstream/fork repos |
oliverchang
pushed a commit
to ossf/osv-schema
that referenced
this issue
Sep 12, 2023
I had left 2 TODOs to add JSON examples. Filling them now (will redo the GHC one when we get a real GHC issue) and closing haskell/security-advisories#4. --------- Signed-off-by: Mihai Maruseac <mihai.maruseac@gmail.com>
|
The osv-schema PR was merged. This ticket is resolved. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
osv-schema has a registry of advisory database identifiers (https://ossf.github.io/osv-schema/#id-modified-fields) and a registry of "package ecosystems" (https://ossf.github.io/osv-schema/#affectedpackage-field). We should send a PR to register the HSEC advisory database, and Hackage (as well as, perhaps, GHC itself, e.g. see the definition for
Linux).The text was updated successfully, but these errors were encountered: