Add Root as official data source with ROOT-OS and ROOT-APP prefixes#459
Add Root as official data source with ROOT-OS and ROOT-APP prefixes#459another-rex merged 1 commit intoossf:mainfrom
Conversation
another-rex
left a comment
another-rex
left a comment
There was a problem hiding this comment.
Thanks for the PR! Please update the ecosystems.json file and run ./scripts/update-ecosystem-lists.py to generate the required changes.
| - [RConsortium Advisory Database](https://github.com/RConsortium/r-advisory-database) | ||
| - [Red Hat](https://security.access.redhat.com/data) | ||
| - [Rocky Linux](https://distro-tools.rocky.page/apollo/openapi/#osv) | ||
| - [Root](https://api.root.io/external/osv/all.json) |
There was a problem hiding this comment.
This should be linking to a human readable documentation or webpage.
There was a problem hiding this comment.
Can you elaborate on this please? Looking at other entries here like: MinimOS, Chainguard and Echo, it looks like they have the same type of link, but I might be missing the intention here
There was a problem hiding this comment.
It's not a strict requirement, but most links here links to a readme or intro of some kind that's more human friendly so that if folks are interested in a project, they can click on the link and see what they are and how they are publishing OSVs. If you folks do not have this kind of page, feel free to leave it as is.
Thanks! updated |
another-rex
left a comment
another-rex
left a comment
There was a problem hiding this comment.
Thanks for the clarification, LGTM.
| - [RConsortium Advisory Database](https://github.com/RConsortium/r-advisory-database) | ||
| - [Red Hat](https://security.access.redhat.com/data) | ||
| - [Rocky Linux](https://distro-tools.rocky.page/apollo/openapi/#osv) | ||
| - [Root](https://api.root.io/external/osv/all.json) |
There was a problem hiding this comment.
It's not a strict requirement, but most links here links to a readme or intro of some kind that's more human friendly so that if folks are interested in a project, they can click on the link and see what they are and how they are publishing OSVs. If you folks do not have this kind of page, feel free to leave it as is.
|
Can you have a look at the DCO check and resolve that, plus the merge conflicts? Thanks! |
Done |
…ixes Signed-off-by: Chai Tadmor <chai.tadmor@root.io> # Conflicts: # tools/osv-linter/internal/checks/schema_generated.json # validation/schema.json
2 participants
Root provides security advisories for container images with patched vulnerabilities across multiple ecosystems including Alpine, Debian, Ubuntu, npm, PyPI, and Go modules.
This PR reserves two database-specific prefixes:
Root uses existing ecosystems and does not introduce a new ecosystem.
Changes:
osv.dev issue
osv.dev PR