Date: Tue, 30 Dec 2025 10:22:53 +0000
From: Lorenzo Salvadore <salvadore@FreeBSD.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Cc: Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
Subject: git: 714747f016 - main - Status/2025Q4/osv.adoc: Add report
Message-ID: <6953a7fd.23dd5.927aa58@gitrepo.freebsd.org>
The branch main has been updated by salvadore: URL: https://cgit.FreeBSD.org/doc/commit/?id=714747f016a678bc3b230b4f180e249c9ac246b0 commit 714747f016a678bc3b230b4f180e249c9ac246b0 Author: Tuukka Pasanen <tuukka.pasanen@ilmi.fi> AuthorDate: 2025-12-30 10:15:20 +0000 Commit: Lorenzo Salvadore <salvadore@FreeBSD.org> CommitDate: 2025-12-30 10:15:20 +0000 Status/2025Q4/osv.adoc: Add report Differential Revision: https://reviews.freebsd.org/D54344 --- .../en/status/report-2025-10-2025-12/osv.adoc | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/website/content/en/status/report-2025-10-2025-12/osv.adoc b/website/content/en/status/report-2025-10-2025-12/osv.adoc new file mode 100644 index 0000000000..daa26103b1 --- /dev/null +++ b/website/content/en/status/report-2025-10-2025-12/osv.adoc 
@@ -0,0 +1,26 @@ +=== Converting VuXML to Open Source Vulnerability database + +Links: + +link:https://github.com/illuusio/freebsd-osv/blob/main/db/freebsd-osv.json[FreeBSD OSV database for pkg] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/db/freebsd-osv.json[] + +link:https://github.com/illuusio/freebsd-osv/tree/main/md/2025[FreeBSD Vulnerabilities for year 2025 in Markdown/Commonmark format] URL: link:https://github.com/illuusio/freebsd-osv/tree/main/md/2025[] + +link:https://github.com/illuusio/freebsd-osv/blob/main/bin/osvf-tool.lua[Lua OSV tool] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/bin/osvf-tool.lua[] + +link:https://github.com/illuusio/freebsd-osv/blob/main/bin/convert_vuxml.py[Python VuXML to OSV conversion tool] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/bin/convert_vuxml.py[] + +link:https://github.com/freebsd/pkg/pull/2558[pkg PR for OSV] URL: link:https://github.com/freebsd/pkg/pull/2558[] + +link:https://github.com/ossf/osv-schema/pull/237[OSV Schema pull request] URL: link:https://github.com/ossf/osv-schema/pull/237[] + +link:https://github.com/google/osv.dev/issues/3901[OSV issue to track down OSV integration in Google OSV Github repository] URL: link:https://github.com/google/osv.dev/issues/3901[] + +link:https://github.com/package-url/purl-spec/pull/496[FreeBSD PURL effort] URL: link:https://github.com/package-url/purl-spec/pull/496[] + +Contact: Tuukka Pasanen <tuukka.pasanen@ilmi.fi> + +The Open Source Vulnerability database effort has been ongoing since May. The target for this effort was to produce an OSV database and retire the old VuXML database format. + +Currently, there is a test database and a pull request for man:pkg[8]. The test database can be updated from VuXML and converted to OSV JSON format. Needed tooling to update and create a merged database file for pkg is complete. There is also exporting for Commonmark which renders fine in Github. 
+ +Additionally, upstream support for FreeBSD in the OSV Schema has been implemented, allowing OSV files to be validated against official sources. There has also been an effort for PURL that is slowly moving forward. + +If you want to help with this project, here are some tasks: + +- Verify that conversion from VuXML to OSV is accurate +- Verify that pkg can use the OSV database and produces correct output + +Sponsor: The FreeBSD Foundation
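Review bot: The two tasks listed under "If you want to help with this project" ask readers to verify the VuXML to OSV conversion and pkg's output, but give no pointer to how; referring each task to the matching entry already under Links (the Python VuXML to OSV conversion tool for the first, the pkg PR for OSV for the second) would make them actionable. In the first body paragraph, "has been ongoing since May" carries no year, which will be ambiguous once the quarterly report is archived, and "The target for this effort was to produce an OSV database" reads as if the goal had been dropped while the next paragraph describes work still in progress; consider "since May 2025" and "The target for this effort is". Minor spelling in the link text and body: "Github" should be "GitHub" and "Commonmark" should be "CommonMark", and "track down OSV integration" probably means "track OSV integration".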
