Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CRAN+Bioconductor ecosystems #176

Merged
merged 3 commits into from Jul 24, 2023
Merged

Add CRAN+Bioconductor ecosystems #176

merged 3 commits into from Jul 24, 2023

Conversation

MichaelChirico
Copy link
Contributor

Closes #175.

I didn't quite understand "Source URL" vs. "OSV Formatted URL" so I took a guess.

cc @tylfin as upstream maintainer. I marked this as "unofficial" despite R Consortium backing, please CMIIW.

@tylfin
Copy link
Contributor

tylfin commented Jul 13, 2023

I think it's okay to mark this as unofficial pending widespread adoption. I'll be working on organizing a working group (or similar) to document a process for triaging vulnerabilities and documenting a formal approval process.

oliverchang
oliverchang reviewed Jul 17, 2023
View reviewed changes
Copy link
Contributor

@oliverchang oliverchang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

README.md Outdated Show resolved Hide resolved
docs/schema.md Show resolved Hide resolved
@MichaelChirico @tylfin
Update README.md
d76df37 
Co-authored-by: Tyler Finethy <tylfin@gmail.com>
Signed-off-by: Michael Chirico <michaelchirico4@gmail.com>
@tylfin tylfin mentioned this pull request Jul 18, 2023
Closed
@oliverchang oliverchang mentioned this pull request Jul 19, 2023
Closed
2 tasks
oliverchang
oliverchang approved these changes Jul 19, 2023
View reviewed changes
Copy link
Contributor

@oliverchang oliverchang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, thanks!

rhalar
rhalar reviewed Jul 20, 2023
View reviewed changes
docs/schema.md Outdated
<ul>
<li>How to contribute: <a href="https://github.com/RConsortium/r-advisory-database#readme">https://github.com/RConsortium/r-advisory-database#readme</a></li>
<li>Source URL: <code>https://osv.dev/vulnerability/&lt;ID&gt;</code></li>
<li>OSV Formatted URL: <code>https://github.com/RConsoritum/r-advisory-database/&lt;package&gt;/&lt;ID&gt;.yaml</code> (unofficial)</li>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a typo in the URL

Suggested change
<li>OSV Formatted URL: <code>https://github.com/RConsoritum/r-advisory-database/&lt;package&gt;/&lt;ID&gt;.yaml</code> (unofficial)</li>
<li>OSV Formatted URL: <code>https://github.com/RConsortium/r-advisory-database/&lt;package&gt;/&lt;ID&gt;.yaml</code> (unofficial)</li>

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, does the constructed URL work though? E.g.

https://github.com/RConsortium/r-advisory-database/readxl/RSEC-2023-0.yaml

would not lead to the advisory if I'm not mistaken.

Copy link
Contributor

@tylfin tylfin Jul 20, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should work directly:

Suggested change
<li>OSV Formatted URL: <code>https://github.com/RConsoritum/r-advisory-database/&lt;package&gt;/&lt;ID&gt;.yaml</code> (unofficial)</li>
<li>OSV Formatted URL: <code>https://raw.githubusercontent.com/RConsortium/r-advisory-database/main/vulns/&lt;package&gt;/&lt;ID&gt;.yaml</code></li>

For example https://raw.githubusercontent.com/RConsortium/r-advisory-database/main/vulns/readxl/RSEC-2023-0.yaml

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've fixed the link here.

@michaelkedar michaelkedar mentioned this pull request Jul 21, 2023
Merged
2 tasks
@oliverchang
Update schema.md
86a2602 
Signed-off-by: Oliver Chang <oliverchang@users.noreply.github.com>
@oliverchang oliverchang merged commit 853d448 into ossf:main Jul 24, 2023
1 check failed
rhalar
rhalar reviewed Jul 24, 2023
View reviewed changes
docs/schema.md
<ul>
<li>How to contribute: <a href="https://github.com/RConsortium/r-advisory-database#readme">https://github.com/RConsortium/r-advisory-database#readme</a></li>
<li>Source URL: <code>https://osv.dev/vulnerability/&lt;ID&gt;</code></li>
<li>OSV Formatted URL: <code>https://github.com/RConsortium/r-advisory-database/blob/main/&lt;package&gt;/&lt;ID&gt;.yaml</code> (unofficial)</li>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@oliverchang I think this is still wrong, missing /vulns in the path :D

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doh, thanks for catching.

Can you please raise a PR to fix this?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doh, thanks for catching.

Can you please raise a PR to fix this?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I'll push it when I get a minute.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oliverchang oliverchang oliverchang approved these changes

@tylfin tylfin tylfin left review comments

@rhalar rhalar rhalar left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add RSEC as a supported database prefix
4 participants
@MichaelChirico @tylfin @oliverchang @rhalar