To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Cc: Tuukka Pasanen
From: Lorenzo Salvadore
Subject: git: 714747f016 - main - Status/2025Q4/osv.adoc: Add report
List-Id: Commit messages for all branches of the doc repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all
X-BeenThere: dev-commits-doc-all@freebsd.org
Sender: owner-dev-commits-doc-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: salvadore
X-Git-Repository: doc
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 714747f016a678bc3b230b4f180e249c9ac246b0
Auto-Submitted: auto-generated
Date: Tue, 30 Dec 2025 10:22:53 +0000
Message-Id: <6953a7fd.23dd5.927aa58@gitrepo.freebsd.org>

The branch main has been updated by salvadore:

URL: https://cgit.FreeBSD.org/doc/commit/?id=714747f016a678bc3b230b4f180e249c9ac246b0

commit 714747f016a678bc3b230b4f180e249c9ac246b0
Author:     Tuukka Pasanen
AuthorDate: 2025-12-30 10:15:20 +0000
Commit:     Lorenzo Salvadore
CommitDate: 2025-12-30 10:15:20 +0000

    Status/2025Q4/osv.adoc: Add report

    Differential Revision: https://reviews.freebsd.org/D54344
---
 .../en/status/report-2025-10-2025-12/osv.adoc | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/website/content/en/status/report-2025-10-2025-12/osv.adoc b/website/content/en/status/report-2025-10-2025-12/osv.adoc new file mode 100644 index 0000000000..daa26103b1 --- /dev/null +++ b/website/content/en/status/report-2025-10-2025-12/osv.adoc
@@ -0,0 +1,26 @@ +=== Converting VuXML to Open Source Vulnerability database + +Links: + +link:https://github.com/illuusio/freebsd-osv/blob/main/db/freebsd-osv.json[FreeBSD OSV database for pkg] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/db/freebsd-osv.json[] + +link:https://github.com/illuusio/freebsd-osv/tree/main/md/2025[FreeBSD Vulnerabilities for year 2025 in Markdown/Commonmark format] URL: link:https://github.com/illuusio/freebsd-osv/tree/main/md/2025[] + +link:https://github.com/illuusio/freebsd-osv/blob/main/bin/osvf-tool.lua[Lua OSV tool] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/bin/osvf-tool.lua[] + +link:https://github.com/illuusio/freebsd-osv/blob/main/bin/convert_vuxml.py[Python VuXML to OSV conversion tool] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/bin/convert_vuxml.py[] + +link:https://github.com/freebsd/pkg/pull/2558[pkg PR for OSV] URL: link:https://github.com/freebsd/pkg/pull/2558[] + +link:https://github.com/ossf/osv-schema/pull/237[OSV Schema pull request] URL: link:https://github.com/ossf/osv-schema/pull/237[] + +link:https://github.com/google/osv.dev/issues/3901[OSV issue to track down OSV integration in Google OSV Github repository] URL: link:https://github.com/google/osv.dev/issues/3901[] + +link:https://github.com/package-url/purl-spec/pull/496[FreeBSD PURL effort] URL: link:https://github.com/package-url/purl-spec/pull/496[] + +Contact: Tuukka Pasanen + +The Open Source Vulnerability database effort has been ongoing since May. The target for this effort was to produce an OSV database and retire the old VuXML database format. + +Currently, there is a test database and a pull request for man:pkg[8]. The test database can be updated from VuXML and converted to OSV JSON format. Needed tooling to update and create a merged database file for pkg is complete. There is also exporting for Commonmark which renders fine in Github. 
+ +Additionally, upstream support for FreeBSD in the OSV Schema has been implemented, allowing OSV files to be validated against official sources. There has also been an effort for PURL that is slowly moving forward. + +If you want to help with this project, here are some tasks: + +- Verify that conversion from VuXML to OSV is accurate +- Verify that pkg can use the OSV database and produces correct output + +Sponsor: The FreeBSD Foundation
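Review bot: In the paragraph starting "Additionally, upstream support for FreeBSD in the OSV Schema has been implemented", the phrase "validated against official sources" does not say what the OSV files are checked against. Since the clause before it is about the OSV Schema, naming it (for example "validated against the upstream OSV schema") would tell a reader what the validation actually guarantees. The same applies to the first help task, "Verify that conversion from VuXML to OSV is accurate": it would be easier to act on if it pointed at the conversion tool and test database already listed under Links. Smaller points: "ongoing since May" has no year, "The target for this effort was to produce" reads as if the goal has changed, and "Github" / "Commonmark" should be spelled "GitHub" / "CommonMark" in both the link text and the body.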