From 22f53f1313589f9a0c17c39d1df084402e4f6bf4 Mon Sep 17 00:00:00 2001 From: Chai Tadmor Date: Tue, 25 Nov 2025 16:00:22 +0200 Subject: [PATCH 1/3] Root data source --- docs/data.md | 2 ++ source.yaml | 15 +++++++++++++++ source_test.yaml | 15 +++++++++++++++ 3 files changed, 32 insertions(+) diff --git a/docs/data.md b/docs/data.md index e74d810cee9..a294e4da28f 100644 --- a/docs/data.md +++ b/docs/data.md @@ -56,6 +56,8 @@ The following ecosystems have vulnerabilities encoded in this format: ([Apache 2.0](https://github.com/bitnami/vulndb/blob/main/LICENSE.md)) - [Haskell Security Advisory DB](https://github.com/haskell/security-advisories) ([CC0 1.0](https://github.com/haskell/security-advisories/blob/main/LICENSE.txt)) +- [Root](https://api.root.io/external/osv/all.json) + (License TBD) - [Ubuntu](https://github.com/canonical/ubuntu-security-notices) ([CC-BY-SA 4.0](https://github.com/canonical/ubuntu-security-notices/blob/main/LICENSE)) diff --git a/source.yaml b/source.yaml index 9131af96fe3..86412039dab 100644 --- a/source.yaml +++ b/source.yaml @@ -101,6 +101,21 @@ editable: False strict_validation: False +- name: 'root' + versions_from_repo: False + type: 2 + rest_api_url: 'https://api.root.io/external/osv/all.json' + ignore_patterns: ['^(?!ROOT-).*$'] + directory_path: 'osv' + detect_cherrypicks: False + extension: '.json' + db_prefix: ['ROOT-'] + ignore_git: True + human_link: 'https://root.io/security/{{ BUG_ID }}' + link: 'https://api.root.io/external/osv/' + editable: False + strict_validation: True + - name: 'chainguard' versions_from_repo: False rest_api_url: 'https://packages.cgr.dev/chainguard/osv/all.json' diff --git a/source_test.yaml b/source_test.yaml index dfc162ef2f5..e3070a3596e 100644 --- a/source_test.yaml +++ b/source_test.yaml @@ -101,6 +101,21 @@ editable: False strict_validation: True +- name: 'root' + versions_from_repo: False + type: 2 + rest_api_url: 'https://api.root.io/external/osv/all.json' + ignore_patterns: ['^(?!ROOT-).*$'] + directory_path: 'osv' + detect_cherrypicks: False + extension: '.json' + db_prefix: ['ROOT-'] + ignore_git: True + human_link: 'https://root.io/security/{{ BUG_ID }}' + link: 'https://api.root.io/external/osv/' + editable: False + strict_validation: True + - name: 'chainguard' versions_from_repo: False rest_api_url: 'https://packages.cgr.dev/chainguard/osv/all.json' From bdef2f8e3aa8482f4bdca542f5eecfc7cb577df9 Mon Sep 17 00:00:00 2001 From: Chai Tadmor Date: Tue, 23 Dec 2025 17:55:55 +0200 Subject: [PATCH 2/3] Revert source.yaml and source_test.yaml changes These will be added in a separate PR after the code changes are merged. --- docs/data.md | 2 -- source.yaml | 15 --------------- source_test.yaml | 15 --------------- 3 files changed, 32 deletions(-) diff --git a/docs/data.md b/docs/data.md index a294e4da28f..e74d810cee9 100644 --- a/docs/data.md +++ b/docs/data.md @@ -56,8 +56,6 @@ The following ecosystems have vulnerabilities encoded in this format: ([Apache 2.0](https://github.com/bitnami/vulndb/blob/main/LICENSE.md)) - [Haskell Security Advisory DB](https://github.com/haskell/security-advisories) ([CC0 1.0](https://github.com/haskell/security-advisories/blob/main/LICENSE.txt)) -- [Root](https://api.root.io/external/osv/all.json) - (License TBD) - [Ubuntu](https://github.com/canonical/ubuntu-security-notices) ([CC-BY-SA 4.0](https://github.com/canonical/ubuntu-security-notices/blob/main/LICENSE)) diff --git a/source.yaml b/source.yaml index 86412039dab..9131af96fe3 100644 --- a/source.yaml +++ b/source.yaml @@ -101,21 +101,6 @@ editable: False strict_validation: False -- name: 'root' - versions_from_repo: False - type: 2 - rest_api_url: 'https://api.root.io/external/osv/all.json' - ignore_patterns: ['^(?!ROOT-).*$'] - directory_path: 'osv' - detect_cherrypicks: False - extension: '.json' - db_prefix: ['ROOT-'] - ignore_git: True - human_link: 'https://root.io/security/{{ BUG_ID }}' - link: 'https://api.root.io/external/osv/' - editable: False - strict_validation: True - - name: 'chainguard' versions_from_repo: False rest_api_url: 'https://packages.cgr.dev/chainguard/osv/all.json' diff --git a/source_test.yaml b/source_test.yaml index e3070a3596e..dfc162ef2f5 100644 --- a/source_test.yaml +++ b/source_test.yaml @@ -101,21 +101,6 @@ editable: False strict_validation: True -- name: 'root' - versions_from_repo: False - type: 2 - rest_api_url: 'https://api.root.io/external/osv/all.json' - ignore_patterns: ['^(?!ROOT-).*$'] - directory_path: 'osv' - detect_cherrypicks: False - extension: '.json' - db_prefix: ['ROOT-'] - ignore_git: True - human_link: 'https://root.io/security/{{ BUG_ID }}' - link: 'https://api.root.io/external/osv/' - editable: False - strict_validation: True - - name: 'chainguard' versions_from_repo: False rest_api_url: 'https://packages.cgr.dev/chainguard/osv/all.json' From 43ba2e3a35a81a8983b7e256c114296f66036628 Mon Sep 17 00:00:00 2001 From: Chai Tadmor Date: Mon, 29 Dec 2025 19:33:22 +0200 Subject: [PATCH 3/3] feat: Add Root to source.yaml for production Signed-off-by: Chai Tadmor --- source.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/source.yaml b/source.yaml index 9131af96fe3..86412039dab 100644 --- a/source.yaml +++ b/source.yaml @@ -101,6 +101,21 @@ editable: False strict_validation: False +- name: 'root' + versions_from_repo: False + type: 2 + rest_api_url: 'https://api.root.io/external/osv/all.json' + ignore_patterns: ['^(?!ROOT-).*$'] + directory_path: 'osv' + detect_cherrypicks: False + extension: '.json' + db_prefix: ['ROOT-'] + ignore_git: True + human_link: 'https://root.io/security/{{ BUG_ID }}' + link: 'https://api.root.io/external/osv/' + editable: False + strict_validation: True + - name: 'chainguard' versions_from_repo: False rest_api_url: 'https://packages.cgr.dev/chainguard/osv/all.json'