Hello OSV team,
My name is Vasily and I'm helping my colleagues from the TuxCare division add their security advisories to the OSV database. I've followed the guide from the osv.dev site regarding adding a new data source and created an issue in the osv.dev repository and a PR in the osv-schema repository:
I wanted to clarify a few things:
- I understand that we need some OSV data in our repository, but is it okay to proceed by adding a PR to process that data before the PR in the osv-schema repository is merged?
- The TuxCare ecosystem has packages with fixes for both different Linux distributions and for language ecosystems like NPM, PyPI, etc. Do you have any recommendation on how to organize the Git repository for advisories, considering this complexity? I saw the Bitnami source does something similar, so maybe we should follow their example?
Thanks in advance for your help,
-- Regards,
Vasily Kleschov | Director of Release Engineering department