Commit

add initial reference for CGA (chainguard)
Signed-off-by: cpanato <[email protected]>
cpanato committed Jun 5, 2024
1 parent d4b266d commit 6de7bca
Showing 2 changed files with 14 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -3,6 +3,7 @@
This is the repository for the Open Source Vulnerability schema (OSV Schema), which is currently exported by:
- [AlmaLinux](https://github.com/AlmaLinux/osv-database)
- [Bitnami Vulnerability Database](https://github.com/bitnami/vulndb)
- [Chainguard](https://packages.cgr.dev/chainguard/osv/all.json)
- [Curl](https://curl.se/docs/vuln.json)
- [GitHub Security Advisories](https://github.com/github/advisory-database)
- [Global Security Database](https://github.com/cloudsecurityalliance/gsd-database)
Expand All @@ -26,6 +27,7 @@ Together, these include vulnerabilities from:
- Alpine
- Android
- Bitnami
- Chainguard
- crates.io
- Debian GNU/Linux
- GitHub Actions
12 changes: 12 additions & 0 deletions docs/schema.md
Expand Up @@ -387,6 +387,17 @@ The defined database prefixes and their "home" databases are:
</ul>
</td>
</tr>
<tr>
<td><code>CGA</code></td>
<td><a href="https://packages.cgr.dev/chainguard/osv/all.json">Chainguard Security Notices</a></td>
<td>
<ul>
<li>How to contribute: TBD</li>
<li>Source URL: TBD</li>
<li>OSV Formatted URL: <code>https://packages.cgr.dev/chainguard/osv/&lt;ID&gt;.json</code></li>
</ul>
</td>
</tr>
<tr>
<td>Your database here</td>
<td colspan="2"><a href="https://github.com/ossf/osv-schema/compare">Send us a PR</a></td>
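Review bot: The new `CGA` row ships with `How to contribute: TBD` and `Source URL: TBD`, so the table that defines the "home" database for this prefix gives readers no way to report a correction or trace a notice back to its source. Please fill in both items before merge, or drop them and link a tracking issue. As written, the only concrete pointers in the row are the `all.json` link and the `<ID>.json` URL pattern, and both are machine-readable exports rather than a place to contribute or review advisories.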
Expand Down Expand Up @@ -636,6 +647,7 @@ The defined ecosystems are:
| `Bioconductor` | The biological R package ecosystem. The `name` is an R package name. |
| `Bitnami` | Bitnami package ecosystem; the `name` is the name of the affected component. |
| `ConanCenter` | The ConanCenter ecosystem for C and C++; the `name` field is a Conan package name. |
| `CGA` | Chainguard package ecosystem; the `name` is the name of the package name. The package name might have a `:<RELEASE>` suffix to scope the package to a particular version stream. `<RELEASE>` is a numeric version. |
| `CRAN` | The R package ecosystem. The `name` is an R package name. |
| `crates.io` | The crates.io ecosystem for Rust; the `name` field is a crate name. |
| `Debian` | The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:<RELEASE>` suffix to scope the package to a particular Debian release. `<RELEASE>` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string "Debian:7" refers to the Debian 7 (wheezy) release. |
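Review bot: In the new `CGA` ecosystem row the `:<RELEASE>` suffix is described as part of the package name, while the `Debian` row two lines below attaches the same suffix to the ecosystem string; consumers that match on ecosystem and `name` need to know which field carries it, so please state that explicitly and add a concrete example in the style of the Debian row's "Debian:7". The phrase "`<RELEASE>` is a numeric version" also does not say where valid values are defined. Two smaller points: "the `name` is the name of the package name" should read "the `name` is the package name", and the row is inserted after `ConanCenter`, whereas the case-insensitive alphabetical order of the neighbouring rows would place it before.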