Undo unrelated changes to keep this PR diff clean

Moved to google#2219 to get merged sooner.
andrewpollock · May 17, 2024 · 8b6e6d0 · 8b6e6d0
1 parent d75f4aa
commit 8b6e6d0
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 24 deletions.
diff --git a/docs/data.md b/docs/data.md
@@ -52,16 +52,14 @@ The following ecosystems have vulnerabilities encoded in this format:
     ([CC-BY 4.0](https://github.com/psf/advisory-database/blob/main/LICENSE))
 
 ## Converted data
-
 Additionally, the OSV.dev team maintains a conversion pipeline for:
 
 -   [Debian Security Advisories](https://storage.googleapis.com/debian-osv/index.html),
     using the conversion tools
     [here](https://github.com/google/osv.dev/tree/master/vulnfeeds/tools/debian).
 -   [Alpine SecDB](https://storage.googleapis.com/cve-osv-conversion/index.html?prefix=osv-output/),
     using the conversion tools
-    [here](https://github.com/google/osv.dev/tree/master/vulnfeeds/cmd/alpine),
--   [NVD CVEs for open source software](https://storage.googleapis.com/cve-osv-conversion/index.html?prefix=osv-output/) using the conversion tools [here](https://github.com/google/osv.dev/tree/master/vulnfeeds/cmd/nvd-cve-osv)
+    [here](https://github.com/google/osv.dev/tree/master/vulnfeeds/cmd/alpine)
 
 ## Covered Ecosystems
 
@@ -122,4 +120,4 @@ A list of all current ecosystems is available at
 ## Contributing Data
 If you a work with a project such as a Linux distribution and would like to contribute your security advisories, please follow the steps outlined in [CONTRIBUTING.md](https://github.com/google/osv.dev/blob/master/CONTRIBUTING.md#contributing-data)
 
-Data can be supplied either through a public Git repository, a public GCS bucket or to [REST API endpoints](contributing/rest-api-contribution.md).
+Data can be supplied either through a public Git repository, a public GCS bucket or to [REST API endpoints](contributing/rest-api-contribution.md).
diff --git a/vulnfeeds/cmd/nvd-cve-osv/README.md b/vulnfeeds/cmd/nvd-cve-osv/README.md
@@ -1,24 +1,10 @@
-# Converting NVD CVEs for open source software to OSV
+# Proof-of-concept code to leverage vulnfeeds for reasoning about C/C++ sources
 
-Further context at [Introducing broad C/C++ vulnerability management support](https://osv.dev/blog/posts/introducing-broad-c-c++-support/)
-
-See [run_cve_to_osv_generation.sh](https://github.com/google/osv.dev/blob/master/vulnfeeds/cmd/nvd-cve-osv/run_cve_to_osv_generation.sh) for how this is invoked in Production.
-
-To see it in action on a single CVE:
+This can be invoked as:
 
+```shell
+go run cmd/nvd-cve-osv/main.go \
+  --nvd_json cve_jsons/nvdcve-1.1-2022.json \
 ```
-mkdir -p /tmp/nvd2osv
-
-gcloud storage cp "gs://cve-osv-conversion/cpe_repos/cpe_product_to_repo.json" "/tmp"
 
-curl --output /tmp/CVE-2024-3094.json https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-3094
-
-git clone --recurse-submodules https://github.com/google/osv.dev
-
-cd osv.dev/vulnfeeds
-
-go run cmd/nvd-cve-osv/main.go \
-  --cpe_repos "/tmp/cpe_product_to_repo.json" \
-  --nvd_json "/tmp/CVE-2024-3094.json" \
-  --out_dir "/tmp/nvd2osv"
-```
+Use `cmd/download-cves/main.go` for downloading the NVD JSON files