Import data from OpenSSF Malicious Packages #1412
Conversation
Signed-off-by: Shenoy <shravanshenoy1998@hotmail.com>
@shravankshenoy Thanks++, added some comments for your consideration
@@ -0,0 +1,9 @@ | |||
{ | |||
"aliases": ["MAL-2023-1077"], |
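Review bot: on the two visible lines of this nine-line fixture, MAL-2023-1077 appears only under "aliases", so nothing shown here records which upstream OpenSSF OSV entry the fixture was generated from; add a short comment or a test assertion naming that source entry so the expected alias can be re-verified when the OpenSSF malicious-packages data changes.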
Should this be used as an alias? What other options we have?
cc @pombredanne
@TG1999 yes, as an alias sounds fine
I have made the changes that had been requested. Let me know if anything else needs to be done.
While working on PRs 1405 and 1417 I realized that in this PR I have not followed the purl-spec properly. For example, crates.io should be mapped to cargo and rubygems should be mapped to gems. I will work on making these changes.
Fixes #1409
Changes Made
Created OpenSSF importer openssf.py and added files for testing the importer
Results
Ran the importer locally using command below with debug mode on
docker-compose exec vulnerablecode ./manage.py import vulnerabilities.importers.openssf.OpenSSFImporter
Importer ran successfully and imported 17182 advisories as can be seen in the image below
Other Consideration
ossf.py but it was tantalizingly close to oss_fuzz.py and could cause confusion, hence changed the name to openssf.py. Let me know if any better name is possible
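The two points discussed in this thread, keeping the OpenSSF MAL id as an alias and mapping OSV ecosystems to purl-spec types (crates.io is cargo; the purl type for RubyGems is gem), as an added example that is not the PR's openssf.py or any VulnerableCode code: the ecosystem table and the sample OSV record below are assumptions constructed for illustration.

```python
from urllib.parse import quote

# Assumed OSV ecosystem labels -> purl-spec types; the real importer may keep its own table.
ECOSYSTEM_TO_PURL_TYPE = {
    "npm": "npm", "PyPI": "pypi", "RubyGems": "gem",
    "crates.io": "cargo", "Go": "golang", "NuGet": "nuget",
}


def to_purl(ecosystem, name, version=None):
    """Build a purl string; scoped npm names become namespace/name and are percent-encoded."""
    ptype = ECOSYSTEM_TO_PURL_TYPE.get(ecosystem)
    if ptype is None:
        raise ValueError(f"no purl type for OSV ecosystem {ecosystem!r}")
    namespace = None
    if ptype == "npm" and name.startswith("@") and "/" in name:
        namespace, name = name.split("/", 1)
    purl = f"pkg:{ptype}/"
    if namespace:
        purl += quote(namespace, safe="") + "/"
    purl += quote(name, safe="")
    return purl + ("@" + quote(version, safe="") if version else "")


def osv_to_advisory(record):
    """Return (aliases, purls) for one OSV record; the MAL id is kept as an alias."""
    aliases = [record["id"], *record.get("aliases", [])]
    purls = []
    for affected in record.get("affected", []):
        pkg = affected["package"]
        versions = list(affected.get("versions", []))
        # A range introduced at "0" covers every published version: emit an unversioned purl.
        for rng in affected.get("ranges", []):
            versions += [e["introduced"] for e in rng.get("events", [])
                         if e.get("introduced") not in (None, "0")]
        purls += [to_purl(pkg["ecosystem"], pkg["name"], v) for v in versions or [None]]
    return aliases, purls


SAMPLE_RECORD = {  # constructed sample in OSV format with a placeholder id, not a real advisory
    "id": "MAL-0000-0001",
    "affected": [
        {"package": {"ecosystem": "crates.io", "name": "example-crate"}, "versions": ["0.1.0", "0.1.1"]},
        {"package": {"ecosystem": "RubyGems", "name": "example-gem"},
         "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}]}]},
        {"package": {"ecosystem": "npm", "name": "@example/pkg"}, "versions": ["1.0.0"]},
    ],
}

if __name__ == "__main__":
    print(osv_to_advisory(SAMPLE_RECORD))
```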