Using OSV.dev as a backend for vulnerability reporting

[Christian Walter]

Hi everyone,

first off: great project. I am from the Open-Source Firmware Foundation (https://osfw.foundation) and we are currently looking to set up a system for our projects that helps them to comply with the EuCRA requirements. We'd like to use OSV.dev as a 'backend' to store the vulnerabilities, and have our own frontend sitting on top of it with a bit more functionality. I see that you provide API access - so is this allowed per default, or is there anything we should be careful about here?

Thanks so much for your great work - we definitely appreciate it.

Ofc we would mention osv.dev (I just recently did on another two talks about the EuCRA) and link to it as well.

Best,

Chris

[Rex]

Hello!

You're definitely welcome to use our API to build a custom frontend, though please specify a recognisable user agent so we can let you know in the unlikely event that there are traffic problems arising from this.

It sounds like you are looking to publish new vulnerabilities for your projects, if so, please take a look at our docs for detailed instructions: https://google.github.io/osv.dev/data/new. Let us know if you run into any issues or if there's anything we can help with!

Cheers

Rex