grype feature parity with osv.dev #794
Labels
enhancement
New feature or request
Comments
|
Hey @cpendery, sorry for the delay responding to this ticket. We finally had a chance to discuss this as a team, and it is definitely a feature that we want to add at some point. You are correct that we have not yet open sourced the database tooling. We are going to need some additional internal conversations around that. In the meantime, we will leave this ticket open since it is something we want to get to as soon as we are able. Thanks for your patience! Tim |
|
We are actively working to open-source the database builder, and as a follow-on investigate integrating osv.dev. |
kzantow
moved this from Parking Lot (Comments or Progress)
to In Progress (Actively Resolving)
in OSS
|
Is there any progress on slotting osv.dev integration? I find many Golang false negatives that could have been caught by an osv data feed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
I'd like the data sources of grype to be at least inclusive of the ecosystems in osv.dev. I'm happy to contribute support for these, but I don't believe the code is currently open sourced for producing the databases
Why is this needed:
We could use a wider range of vulnerabilities included to scan against. It makes the product more complete and powerful
Additional context:
Ecosystems to add:The text was updated successfully, but these errors were encountered: