https://github.com/google/osv

google / osv: Open source vulnerability DB and triage service. osv.dev. Apache-2.0 License.

Latest commit: oliverchang, Add "npm" as a supported ecosystem. (#232), 1b7dba5, Sep 29, 2021.

# OSV - Open Source Vulnerabilities

OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source.

For open source maintainers, OSV's automation helps reduce the burden of triage. Each vulnerability undergoes automated bisection and impact analysis to determine precise affected commit and version ranges.

For open source consumers, OSV provides an API that lets users of these projects query whether or not their versions are impacted.

[diagram]

## Current data sources

This is an ongoing project. We encourage open source ecosystems to adopt the OpenSSF Vulnerability format for the benefit of the open source community. See our blog post for more details.

The following ecosystems have vulnerabilities encoded in this format:

* OSS-Fuzz
* Python
* Go
* Rust
* UVI
* npm (from GitHub Security Advisories).

For convenience, these sources are aggregated and continuously exported to a GCS bucket maintained by OSV: gs://osv-vulnerabilities.

This bucket contains individual entries of the format gs://osv-vulnerabilities//.json as well as a zip containing all vulnerabilities for each ecosystem at gs://osv-vulnerabilities//all.zip.

E.g.
for PyPI vulnerabilities:

```bash
# Or download over HTTP via https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip
gsutil cp gs://osv-vulnerabilities/PyPI/all.zip .
```

## Viewing the web UI

An instance of OSV's web UI is deployed at https://osv.dev.

## Using the API

```bash
curl -X POST -d \
  '{"commit": "6879efc2c1596d11a6a6ad296f80063b558d5e0f"}' \
  "https://api.osv.dev/v1/query"

curl -X POST -d \
  '{"version": "2.4.1", "package": {"name": "jinja2", "ecosystem": "PyPI"}}' \
  "https://api.osv.dev/v1/query"
```

Detailed documentation for using the API can be found at https://osv.dev/docs/.

## Architecture

You can find an overview of OSV's architecture here.

## This repository

This repository contains all the code for running OSV on GCP. This consists of:

* API server (gcp/api)
* Web interface (gcp/appengine)
* Workers for bisection and impact analysis (docker/worker)
* Sample tools (tools)

You'll need to check out submodules as well for many local building steps to work:

```bash
git submodule update --init --recursive
```

Contributions are welcome! We also have a mailing list and a FAQ.

Releases: 0.0.5 (Latest), Sep 8, 2021.

Contributors: Oliver Chang (@oliverchang), Abhishek Arya (@inferno-chromium), Weston Steimel (@westonsteimel), Dustin Ingram (@di).

Languages: Python 75.2%, Go 11.3%, Vue 6.5%, Shell 3.6%, Dockerfile 1.8%, JavaScript 0.9%, HTML 0.7%.
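The per-ecosystem `all.zip` export described under "Current data sources" can be checked offline against a pinned dependency. The following is an added example, not code from the OSV repository: it assumes each JSON entry carries the OSV schema's `affected[].package` and `affected[].versions` fields, matches only enumerated versions (ranges are not evaluated), and runs on a constructed archive whose IDs are placeholders.

```python
import io
import json
import re
import zipfile


def normalize(name):
    # PEP 503 normalisation, so "Jinja2" and "jinja2" compare equal on PyPI.
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_export(zip_bytes, ecosystem, name, version):
    """Return the sorted IDs of export entries that enumerate `version`."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for member in archive.namelist():
            if not member.endswith(".json"):
                continue
            entry = json.loads(archive.read(member))
            # Assumption: entries carry the OSV schema's `affected` array.
            for affected in entry.get("affected", []):
                package = affected.get("package", {})
                if (package.get("ecosystem") == ecosystem
                        and normalize(package.get("name", "")) == normalize(name)
                        and version in affected.get("versions", [])):
                    hits.add(entry.get("id", member))
    return sorted(hits)


def build_sample_export():
    """Constructed stand-in for PyPI/all.zip; the IDs are placeholders."""
    def entry(vuln_id, pkg, versions):
        return {"id": vuln_id, "affected": [{
            "package": {"ecosystem": "PyPI", "name": pkg},
            "versions": versions}]}
    entries = [
        entry("EXAMPLE-0001", "Jinja2", ["2.4", "2.4.1"]),
        entry("EXAMPLE-0002", "jinja2", ["2.10"]),
        entry("EXAMPLE-0003", "other-pkg", ["2.4.1"]),
    ]
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for item in entries:
            archive.writestr(item["id"] + ".json", json.dumps(item))
        archive.writestr("README.txt", "not an advisory")
    return buffer.getvalue()


if __name__ == "__main__":
    print(scan_export(build_sample_export(), "PyPI", "jinja2", "2.4.1"))
```

To run it against a real export, pass the bytes of the downloaded `all.zip` to `scan_export` in place of `build_sample_export()`.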
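The two request bodies shown under "Using the API" (query by commit, or by version plus package) can be driven from a list of pinned dependencies. The following is an added example, not code from the OSV repository: `build_query`, `audit` and `fake_transport` are hypothetical names, the reply is assumed to list matches under a `vulns` key with an empty object meaning none, and the constructed transport with placeholder IDs keeps it runnable offline.

```python
import json
import urllib.request

OSV_QUERY_URL = "https://api.osv.dev/v1/query"  # endpoint from the README


def build_query(commit=None, version=None, name=None, ecosystem=None):
    """Build one of the two request bodies the README's curl calls send."""
    if commit is not None:
        if version or name or ecosystem:
            raise ValueError("query by commit or by package version, not both")
        return {"commit": commit}
    if not (version and name and ecosystem):
        raise ValueError("version queries need version, name and ecosystem")
    return {"version": version,
            "package": {"name": name, "ecosystem": ecosystem}}


def post_json(payload, timeout=10):
    """Default transport: POST the payload and decode the JSON reply."""
    request = urllib.request.Request(
        OSV_QUERY_URL, data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)


def audit(pins, ecosystem="PyPI", transport=post_json):
    """Map each 'name==version' pin to the vulnerability IDs reported."""
    report = {}
    for pin in (p.strip() for p in pins):
        name, sep, version = pin.partition("==")
        if not sep:
            raise ValueError(f"unpinned requirement: {pin!r}")
        reply = transport(build_query(version=version, name=name,
                                      ecosystem=ecosystem))
        # Assumption: matches arrive under "vulns"; {} means none known.
        report[pin] = sorted(v["id"] for v in reply.get("vulns", []))
    return report


def fake_transport(payload):
    # Constructed replies so the example runs offline; IDs are placeholders.
    if payload["package"]["name"] == "jinja2":
        return {"vulns": [{"id": "EXAMPLE-0002"}, {"id": "EXAMPLE-0001"}]}
    return {}


if __name__ == "__main__":
    print(audit(["jinja2==2.4.1", "requests==2.26.0"], transport=fake_transport))
```

Calling `audit(pins)` without the `transport` argument sends the same bodies to the live endpoint through `post_json`.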