Andrew Pollock
This is another in-progress prototype snapshot. We're at a point here where OSV output is successfully generated. Additional validation to determine if it's "good enough" needs to be performed. Next...
https://staticcheck.io/ is an additional option for Go code quality checking. Investigate if it's appropriate to add along with `go vet`.
It's difficult to reason about the test coverage, so we don't know where we need to improve things, and we don't know what we can confidently modify and release because...
Currently the configuration for the importer is in DataStore in the `SourceRepository` entity. There are risks of fat-fingering an edit, and it's generally [good practice](https://sre.google/workbook/configuration-specifics/) to have configuration under revision control...
As part of [#761](https://github.com/google/osv.dev/issues/761), we became aware that the Cloud Security Alliance has a [schema validator](https://github.com/cloudsecurityalliance/gsd-tools/tree/main/local-scripts/schema-validator). It seems like shipping a canonical, authoritative validator tool and library with the schema...
https://github.com/google/osv.dev/discussions/1131 raised some questions rooted in confidentiality/privacy concerns around what information is shared with (and subsequently logged by) OSV.dev infrastructure. I thought it would be helpful for privacy-conscious users of...
I'm here after trying and failing to use https://github.com/a-h/generate (for my use case), running into a fresher variation of https://github.com/a-h/generate/issues/67 there... My use case is similar to what's described in...
Some filenames wind up with an embedded quote character or are very long due to the CPE vendor/product name, and this seemed to cause some copy operations to fail.
**Problem statement:** Today, it is not possible to cause the reimport (and re-enumeration) of a single record in a Git-based OSV record source. The best option (as opposed to setting...
**Problem statement:** Today, [`affected[].versions`](https://ossf.github.io/osv-schema/#affectedversions-field) enumeration only occurs during the import of an OSV record. #1987 has identified that it is conceivable that additional vulnerable versions may be released (for example,...