Add Malicious Packages and the "MAL" id namespace.

Signed-off-by: Caleb Brown <calebbrown@google.com>
ossf · Feb 1, 2024 · 81f50fb · 81f50fb
1 parent 1fcd55b
commit 81f50fb
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -9,6 +9,7 @@ This is the repository for the Open Source Vulnerability schema (OSV Schema), wh
 - [Go Vulnerability Database](https://github.com/golang/vulndb)
 - [Haskell Security Advisories](https://github.com/haskell/security-advisories)
 - [LoopBack Advisory Database](https://github.com/loopbackio/security/tree/main/advisories)
+- [Malicious Packages Repository](https://github.com/ossf/malicious-packages)
 - [OSS-Fuzz](https://github.com/google/oss-fuzz-vulns)
 - [OSV.dev maintained converters](https://github.com/google/osv.dev#current-data-sources) (Debian, Alpine, NVD)
 - [PyPI Advisory Database](https://github.com/pypa/advisory-database)

diff --git a/docs/schema.md b/docs/schema.md
@@ -277,6 +277,17 @@ The defined database prefixes and their "home" databases are:
         </ul>
       </td>
     </tr>
+    <tr>
+      <td><code>MAL</code></td>
+      <td><a href="https://github.com/ossf/malicious-packages/tree/main/osv/">Malicious Packages Repository</a></td>
+      <td>
+        <ul>
+          <li>How to contribute: <a href="https://github.com/ossf/malicious-packages/blob/main/CONTRIBUTING.md">https://github.com/ossf/malicious-packages/blob/main/CONTRIBUTING.md</a></li>
+          <li>Source URL: <code>N/A</code></li>
+          <li>OSV Formatted URL: <code>https://api.osv.dev/v1/vulns/&lt;ID&gt;</code></li>
+        </ul>
+      </td>
+    </tr>
     <tr>
       <td><code>OSV</code></td>
       <td><a href="https://osv.dev/list">Advisories allocated by OSV.dev (currently only from OSS-Fuzz)</a></td>