Comments (5)
v0.3.0 switches osv-detector over to using these databases.
@cniweb Parsing Maven / pom.xml is not yet supported but is planned: G-Rath/osv-detector#33
from osv.dev.
Thanks for the work here @G-Rath! This is very useful to consumers of this data.
Hi! Sorry for the late reply.
Indeed! Once we have Maven and NPM data in our database, we will look at building a universal tool that can scan dependencies in major package ecosystems.
@oliverchang fwiw I've actually built such a tool (osv-detector), which has native parsers for most of the lockfiles (except Maven / pom.xml for now) and I have plans to support taking in csv to allow you to arbitrarily provide package details.
I originally wrote it for the GH advisory DB as I didn't realise this repo/db was a thing, but now that I do I'm going to look to switching to this via downloading the all.zip files for each ecosystem - I'm pretty sure it should mostly work out of the box, since it's using the OSV format already.
This has been landed in v0.5.0 of osv-detector