D54344.id168534.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D54344.id168534.diff
View Options

	diff --git a/website/content/en/status/report-2025-10-2025-12/osv.adoc b/website/content/en/status/report-2025-10-2025-12/osv.adoc
	new file mode 100644
	--- /dev/null
	+++ b/website/content/en/status/report-2025-10-2025-12/osv.adoc
	@@ -0,0 +1,28 @@
	+=== Converting VuXML to Open Source Vulnerability database
	+
	+Links: +
	+link:https://github.com/illuusio/freebsd-osv/blob/main/db/freebsd-osv.json[FreeBSD OSV database for pkg(8)] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/db/freebsd-osv.json[] +
	+link:https://github.com/illuusio/freebsd-osv/tree/main/md/2025[FreeBSD Vulnerabilities for year 2025 in Markdown/Commonmark format] URL: link:https://github.com/illuusio/freebsd-osv/tree/main/md/2025[] +
	+link:https://github.com/illuusio/freebsd-osv/blob/main/bin/osvf-tool.lua[Lua OSV tool] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/bin/osvf-tool.lua[] +
	+link:https://github.com/illuusio/freebsd-osv/blob/main/bin/convert_vuxml.py[Python VuXML to OSV conversion tool] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/bin/convert_vuxml.py[] +
	+link:https://github.com/freebsd/pkg/pull/2558[pkg(8) PR for OSV] URL: link:https://github.com/freebsd/pkg/pull/2558[] +
	+link:https://github.com/ossf/osv-schema/pull/237[OSV Schema pull request] URL: link:https://github.com/ossf/osv-schema/pull/237[] +
	+link:https://github.com/google/osv.dev/issues/3901[OSV issue to track down OSV integration in Google OSV Github repository] URL: link:https://github.com/google/osv.dev/issues/3901[] +
	+link:https://github.com/package-url/purl-spec/pull/496[FreeBSD PURL effort] URL: link:https://github.com/package-url/purl-spec/pull/496[]
	+
	+Contact: Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
	+
	+The Open Source Vulnerability database effort has been ongoing since May. The target for this effort was to produce an OSV database and retire the old VuXML database format.
	+
	+Currently, there is a test database and a pull request for `pkg(8)`. The test database can be updated from VuXML and converted to OSV JSON format. Needed tooling to update and create a merged database file for `pkg(8)` is complete. There is also exporting for Commonmark which renders fine in Github.
	+
	+Additionally, upstream support for FreeBSD in the OSV Schema has been implemented, allowing OSV files to be validated against official sources. There has also been an effort for PURL that is slowly moving forward.
	+
	+If you want to help with this project, here are some tasks:
	+
	+- Verify that conversion from VuXML to OSV is accurate
	+- Verify that `pkg(8)` can use the OSV database and produces correct output
	+
	+The FreeBSD Foundation is a US-based 501(c)(3) non-profit organization dedicated to supporting the FreeBSD Project and community.
	+
	+Sponsor: The FreeBSD Foundation

File Metadata

Mime Type: text/plain
Expires: Thu, Jan 1, 8:27 AM (5 h, 46 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 27221427
Default Alt Text: D54344.id168534.diff (2 KB)

D54344.id168534.diffNo OneTemporaryActions

D54344.id168534.diffView Options

File Metadata

Event Timeline

D54344.id168534.diff
No OneTemporary
Actions

D54344.id168534.diff
View Options