Skip to content

Commit

Permalink
Some schema cleanup. (#210)
Browse files Browse the repository at this point in the history
- Make Purpose section more concise. We don't need a history lesson here
anymore :)
- Remove old changelogs.
- Alphabetically sort databases and ecosystems.
- Add some missing databases (Curl, NVD).

---------

Signed-off-by: Oliver Chang <ochang@google.com>
Signed-off-by: Oliver Chang <oliverchang@users.noreply.github.com>
  • Loading branch information
oliverchang authored Nov 28, 2023
1 parent 37d7002 commit 9235ab5
Show file tree
Hide file tree
Showing 3 changed files with 157 additions and 342 deletions.
30 changes: 30 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Change Log

- 2021-03-29 added "withdrawn" field
- 2021-04-07 changed "details" to Markdown, change "references" to a list of
objects with a new "type" field in addition to the URL.
- 2021-04-23 handful of changes, see Status - 2021-04-23 below for details. Corrected examples.
- 2021-04-26 changed `database-specific` and `ecosystem-specific` to
`database_specific` and `ecosystem_specific` for easier access from languages
that access JSON field keys using x.field notation.
- 2021-06-08 Added "purl" to the "package" field and some minor clarifications.
- 2021-06-30 Fixed an incorrect/typoed specification for "affects" from an array
of objects to an object.
- 2021-08-17 Support multiple packages per entry by moving `packages`,
`ecosystem_specific` and `database_specific` into `affected`. The `affected`
field is intentionally named differently to the previous `affects` field to
make migration easier. Also use "events" containing single versions to
represent affected version ranges instead.
- 2021-09-08 Promoted schema to 1.0.
- 2022-01-19 Released version 1.2.0. Includes various changes suggested by
GitHub (`schema_version`, top-level `database_specific`, `credits`,
`severity`, relaxation of version enumeration requirement).
- 2022-03-24 Released version 1.3.0. Added `last_affected` event type and
`database_specific` to `affected[].ranges[]`.
Context: https://github.com/ossf/osv-schema/issues/35.
- 2023-02-21 Released version 1.4.0. Added per package `severity` and
credit types.
- 2023-04-26 Released version 1.5.0. Added new reference types.
- 2023-08-11 Released version 1.6.0. Several new databases and clarified
definitions of `aliases` and `related`.
- 2023-11-29 Released version 1.6.1. Some cleanup of the schema layout.
24 changes: 12 additions & 12 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,22 +1,22 @@
# Open Source Vulnerability Schema

This is the repository for the Open Source Vulnerability schema (OSV-schema), which is currently exported by:
This is the repository for the Open Source Vulnerability schema (OSV Schema), which is currently exported by:
- [AlmaLinux](https://github.com/AlmaLinux/osv-database)
- [Bitnami Vulnerability Database](https://github.com/bitnami/vulndb)
- [Curl](https://curl.se/docs/vuln.json)
- [GitHub Security Advisories](https://github.com/github/advisory-database)
- [PyPI Advisory Database](https://github.com/pypa/advisory-database)
- [Go Vulnerability Database](https://github.com/golang/vulndb)
- [Rust Advisory Database](https://github.com/RustSec/advisory-db)
- [Global Security Database](https://github.com/cloudsecurityalliance/gsd-database)
- [OSS-Fuzz](https://github.com/google/oss-fuzz-vulns)
- [Go Vulnerability Database](https://github.com/golang/vulndb)
- [Haskell Security Advisories](https://github.com/haskell/security-advisories)
- [LoopBack Advisory Database](https://github.com/loopbackio/security/tree/main/advisories)
- [OSS-Fuzz](https://github.com/google/oss-fuzz-vulns)
- [OSV.dev maintained converters](https://github.com/google/osv.dev#current-data-sources) (Debian, Alpine, NVD)
- [PyPI Advisory Database](https://github.com/pypa/advisory-database)
- [Python Software Foundation Database](https://github.com/psf/advisory-database)
- [RConsortium Advisory Database](https://github.com/RConsortium/r-advisory-database)
- [Rocky Linux](https://distro-tools.rocky.page/apollo/openapi/#osv)
- [AlmaLinux](https://github.com/AlmaLinux/osv-database)
- [Haskell Security Advisories](https://github.com/haskell/security-advisories)
- [Bitnami Vulnerability Database](https://github.com/bitnami/vulndb)
- [OSV.dev maintained converters](https://github.com/google/osv.dev#current-data-sources)
- [Rust Advisory Database](https://github.com/RustSec/advisory-db)
- [VMWare Photon OS](https://github.com/vmware/photon/wiki/Security-Advisories) (unofficial)
- [RConsortium Advisory Database](https://github.com/RConsortium/r-advisory-database)
- [Python Software Foundation Database](https://github.com/psf/advisory-database)
- [Curl](https://curl.se/docs/vuln.json)

Together, these include vulnerabilities from:
- AlmaLinux
Expand Down
Loading

0 comments on commit 9235ab5

Please sign in to comment.