Can you provide us some more information about your goal? The run_combine_to_osv_convert.sh script is quite specific/narrow in it's use case. It's main goal is to upload and download from google cloud buckets to feed into
osv.dev.
- If you are looking for all the already converted OSV formatted vulnerabilities, then they are available here:
gs://osv-vulnerabilities.
- If you are looking to convert all NVD CVE entries into the OSV format, we currently don't have that functionality at the moment, but it is something we are in the process of adding similar functionality to OSV (see
https://github.com/google/osv.dev/pull/738 for an early draft)
- And if you already have affected package and vulnerability information extracted, and all you want is to combine it with CVE information into the OSV format, then combine-to-osv is what you are looking for. If that is the case, you can try running `go run ./cmd/combine-to-osv` directly with the necessary parameters. combine-to-osv is currently mostly for internal use to populate
osv.dev, so it lacks proper documentation. I have created an issue to track this here:
https://github.com/google/osv.dev/issues/751Do let us know if none of the above is what you are trying to do, and if we can help.