add https://osv.dev/ support

Open goern opened this issue 3 years ago • 4 comments

As an investigator, I want to add osv.dev information for each new package-release, so that this information could be used in an advise or a report.

References

https://osv.dev/
https://github.com/ossf/scorecard/blob/main/docs/checks.md#vulnerabilities

Dec 15 '22 14:12 goern

@goern: This issue is currently awaiting triage. If a refinement session determines this is a relevant issue, it will accept the issue by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Dec 15 '22 14:12 sesheta

/sig stack-guidance

Dec 15 '22 14:12 goern

/triage needs-information @goern can you elaborate a bit more?

Jan 30 '23 14:01 codificat

The goal here should be to evaluate if osv.dev got some machine-readable information that would help us doing better recommendations.

Jan 30 '23 14:01 goern