Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Osv: Integrate with SwiftPM #7841

Closed
fviernau opened this issue Nov 10, 2023 · 2 comments · Fixed by #8690
Closed

Osv: Integrate with SwiftPM #7841

fviernau opened this issue Nov 10, 2023 · 2 comments · Fixed by #8690
Labels
advisor About the advisor tool enhancement Issues that are considered to be enhancements

Comments

@fviernau
Copy link
Member

OSV now has vulnerability data for swift, see https://osv.dev/list?ecosystem=SwiftURL&q=.

Extend createRequest() in Osv.kt to handle it.
@fviernau fviernau added advisor About the advisor tool enhancement Issues that are considered to be enhancements good first issue An easy issue for new contributors labels Nov 10, 2023
@fviernau
Copy link
Member Author

It's not yet clear which package identifier format OSV.dev expects, see google/osv.dev#1923.

@fviernau
Copy link
Member Author

See also github/advisory-database#3333.

@fviernau fviernau changed the title Osv: Integrate with Spm Osv: Integrate with SwiftPM Jan 26, 2024
@sschuberth sschuberth removed the good first issue An easy issue for new contributors label Feb 29, 2024
fviernau added a commit that referenced this issue May 24, 2024
@fviernau
feat(osv): Enable querying vulnerabilities for the SwiftURL ecosystem
2825504 
Since the package identifiers in OSV's vulnerability data for the
SwiftURL ecosystem have become consistent [1], it is now clear how to
construct the requests. Simply add the missing mapping and a test to
enable retrieving vulnerabilities for Swift packages.

Fixes #7841.

[1] google/osv.dev#1923 (comment)

Signed-off-by: Frank Viernau <frank_viernau@epam.com>
@fviernau fviernau mentioned this issue May 24, 2024
Merged
sschuberth pushed a commit that referenced this issue May 24, 2024
@fviernau @sschuberth
feat(osv): Enable querying vulnerabilities for the SwiftURL ecosystem
c7edb85 
Since the package identifiers in OSV's vulnerability data for the
SwiftURL ecosystem have become consistent [1], it is now clear how to
construct the requests. Simply add the missing mapping and a test to
enable retrieving vulnerabilities for Swift packages.

Fixes #7841.

[1] google/osv.dev#1923 (comment)

Signed-off-by: Frank Viernau <frank_viernau@epam.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
advisor About the advisor tool enhancement Issues that are considered to be enhancements
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(osv): Enable querying vulnerabilities for the SwiftURL ecosystem oss-review-toolkit/ort
2 participants
@sschuberth @fviernau