Guidelines for opensource projects which would like to be added to database


Nikita Ivanov

Feb 14, 2023, 3:09:08 AM
to osv-discuss
Hi!

I am representing Tuxcare ELS team. We would like to provide our advisories for OSV, but I can't find any step-by-step guidelines for opensource maintainers. Do you have some?

I am a little bit lost in all the information you provide. Could you answer a couple of questions, please?

1. How should I provide access to vulnerabilities in OSV format? Should it be some kind of repository, bucket, or an API?
2. How can one request its advisories to be added to OSV portal? Is there some process of application? Whom should I contact?
3. Should I write an importer extension for supporting our information myself or is it done by someone else?

Thanks for your efforts,
Nikita Ivanov, C Developer

Andrew Pollock

Feb 27, 2023, 4:08:25 AM
to Nikita Ivanov, osv-discuss
Hi Nikita,

My apologies for the tardy response, I think we all managed to miss your email. Responses in line:

On Tue, 14 Feb 2023 at 18:09, 'Nikita Ivanov' via osv-discuss <osv-d...@googlegroups.com> wrote:
Hi!

I am representing Tuxcare ELS team. We would like to provide our advisories for OSV, but I can't find any step-by-step guidelines for opensource maintainers. Do you have some?

I am a little bit lost in all the information you provide. Could you answer a couple of questions, please?


I'm sorry our documentation didn't make this easier. Any feedback on what your user journey looked like to date would be helpful to allow us to improve things for the next person like you.
 
1. How should I provide access to vulnerabilities in OSV format? Should it be some kind of repository, bucket, or an API?

You can choose between a GCS bucket or a Git repository.
 
2. How can one request its advisories to be added to OSV portal? Is there some process of application? Whom should I contact?

This is a good enough way to start the conversation. When you've got a GCS bucket or Git repository ready, we can take a look at it to make sure things are looking structurally correct and add it.
 
3. Should I write an importer extension for supporting our information myself or is it done by someone else?


No, that's not required. Once the source is ready, we just have to add it to our configuration and it will start being imported.

Please let us know if you have any further questions.

regards

Andrew
 
Andrew Pollock

Security Engineer, Google Open Source Security Team | +61419788191 | apol...@google.com

Google LLC




Nikita Ivanov

Feb 27, 2023, 5:06:27 AM
to Andrew Pollock, osv-d...@googlegroups.com
Hi!
Thanks for your reply. I have read an importer source code in order to figure out what you said, so the response was late indeed :(
Nevertheless, I'll try to sum up my thoughts about user experience, but memories are a little bit vague by now.

We are working on creating a Git repository by now and will contact you later as soon as we finish.
--
Best Regards,
Nikita Ivanov | C developer

Andrew Pollock

Feb 27, 2023, 6:19:34 AM
to Nikita Ivanov, osv-d...@googlegroups.com
On Mon, 27 Feb 2023 at 20:06, Nikita Ivanov <niv...@cloudlinux.com> wrote:
Hi!
Thanks for your reply. I have read an importer source code in order to figure out what you said, so the response was late indeed :(

That is definitely not our preferred way to increase adoption, but I'm glad you were able to answer your questions.
 
Nevertheless, I'll try to sum up my thoughts about user experience, but memories are a little bit vague by now.


Thank you, any actionable feedback would be greatly appreciated.
 
We are working on creating a Git repository by now and will contact you later as soon as we finish.


Cool, if you have any further questions, please do reach out again. If you use Slack, there's also https://osvglobal.slack.com/archives/C02QDH1FNNA