Hi OSV Team,
I came across the group’s details while looking for contacts at OSV. I'm a Product Manager at Lineaje, and we've developed a solution called Gold Open Source. It focuses on securing open-source projects by addressing vulnerabilities that haven't been fixed yet and enabling backporting for older versions.
Part of this work involves ensuring that our fixes for these vulnerabilities are recognized by other security scanners like Snyk or Grype. This way, users won't encounter false positives when scanning packages that include fixes we've implemented through Lineaje's versioned packages.
One approach we're considering is publishing these fixed versions through OSV as security advisories. Would you happen to know if this is a viable way to achieve our goal? If so, could you share any guidance on how we could move forward with this?
Thanks,
Inder
To view this discussion visit https://groups.google.com/d/msgid/osv-discuss/CAJ8bJ-Tb%3D7bMWW3AytmwGTpqmKiXUECd2knVziR6EeSbtTbb4A%40mail.gmail.com.