Using OSV.dev as a backend for vulnerability reporting

[Christian Walter]

Hi everyone,

first off: great project. I am from the Open-Source Firmware Foundation (https://osfw.foundation) and we are currently looking to set up a system for our projects that helps them to comply with the EuCRA requirements. We'd like to use OSV.dev as a 'backend' to store the vulnerabilities, and have our own frontend sitting on top of it with a bit more functionality. I see that you provide API access - so is this allowed per default, or is there anything we should be careful about here?

Thanks so much for your great work - we definitely appreciate it.

Ofc we would mention osv.dev (I just recently did on another two talks about the EuCRA) and link to it as well.

Best,

Chris