From b00ebb3bf855e05f9fa27db64cd6ee721cef0fc1 Mon Sep 17 00:00:00 2001 From: Robert Thorpe II Date: Tue, 26 Jul 2022 12:02:16 -0400 Subject: [PATCH 1/2] Add GitHub Actions and Pub to the ecosystems list This adds GitHub Actions and Pub to the documented list of defined ecosystems. The description for Pub is the wording taken directly from their website, but open to feedback if you'd like it to follow a specific pattern. There are no validations on the ecosystems defined in the schema docs, so the validation JSON has not been updated. --- docs/schema.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/schema.md b/docs/schema.md index 6fc63dd..e1f298c 100644 --- a/docs/schema.md +++ b/docs/schema.md @@ -382,6 +382,8 @@ The defined ecosystems are: | `Debian` | The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:` suffix to scope the package to a particular Debian release. `` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string "Debian:7" refers to the Debian 7 (wheezy) release. | | `Hex` | The package manager for the Erlang ecosystem; the `name` is a Hex package name. | | `Android` | The Android ecosystem; the `name` field is the Android component name that the patch applies to, as shown in the [Android Security Bulletins](https://source.android.com/security/bulletin) such as `Framework`, `Media Framework` and `Kernel Component`. The exhaustive list of components can be found at the [Appendix](#android-ecosystem-components). | +| `GitHub Actions` | The GitHub Actions ecosystem; the `name` field is an action name. | +| `Pub` | The package manager for the Dart ecosystem; the `name` field is a Dart package name. | | Your ecosystem here. | [Send us a PR](https://github.com/ossf/osv-schema/compare). | It is permitted for a database name (the DB prefix in the `id` field) and an From b64a9b66781e279d595809db23431e20e5be5f2b Mon Sep 17 00:00:00 2001 From: Robert Thorpe II Date: Fri, 29 Jul 2022 16:34:47 -0400 Subject: [PATCH 2/2] Clarify formatting of Actions name --- docs/schema.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/schema.md b/docs/schema.md index e1f298c..1e637f5 100644 --- a/docs/schema.md +++ b/docs/schema.md @@ -382,7 +382,7 @@ The defined ecosystems are: | `Debian` | The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:` suffix to scope the package to a particular Debian release. `` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string "Debian:7" refers to the Debian 7 (wheezy) release. | | `Hex` | The package manager for the Erlang ecosystem; the `name` is a Hex package name. | | `Android` | The Android ecosystem; the `name` field is the Android component name that the patch applies to, as shown in the [Android Security Bulletins](https://source.android.com/security/bulletin) such as `Framework`, `Media Framework` and `Kernel Component`. The exhaustive list of components can be found at the [Appendix](#android-ecosystem-components). | -| `GitHub Actions` | The GitHub Actions ecosystem; the `name` field is an action name. | +| `GitHub Actions` | The GitHub Actions ecosystem; the `name` field is the action's repository name with owner e.g. `{owner}/{repo}`. | | `Pub` | The package manager for the Dart ecosystem; the `name` field is a Dart package name. | | Your ecosystem here. | [Send us a PR](https://github.com/ossf/osv-schema/compare). |