Can you provide us some more information about your goal? The run_combine_to_osv_convert.sh script is quite specific/narrow in it's use case. It's main goal is to upload and download from google cloud buckets to feed into osv.dev
- If you are looking for all the already converted OSV formatted vulnerabilities, then they are available here: gs://osv-vulnerabilities
- If you are looking to convert all NVD CVE entries into the OSV format, we currently don't have that functionality at the moment, but it is something we are in the process of adding similar functionality to OSV (see https://github.com/google/osv.dev/pull/738
for an early draft)
- And if you already have affected package and vulnerability information extracted, and all you want is to combine it with CVE information into the OSV format, then combine-to-osv is what you are looking for. If that is the case, you can try running `go run ./cmd/combine-to-osv` directly with the necessary parameters. combine-to-osv is currently mostly for internal use to populate osv.dev
, so it lacks proper documentation. I have created an issue to track this here: https://github.com/google/osv.dev/issues/751
Do let us know if none of the above is what you are trying to do, and if we can help.