osv

package

v1.4.21 Latest Latest Go to latest Published: Mar 29, 2023 License: Apache-2.0 Imports: 22 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/quay/claircore

Links

Open Source Insights

Documentation ¶

Overview ¶

Package osv is an updater for OSV-formatted advisories.

Constants ¶

View Source

const DefaultURL = `https://osv-vulnerabilities.storage.googleapis.com/`

DefaultURL is the S3 bucket provided by the OSV project.

Variables ¶

View Source

var Factory driver.UpdaterSetFactory = &factory{}

Factory is the UpdaterSetFactory exposed by this package.

All configuration is done on the returned updaters. See the Config type.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	// The URL serving data dumps behind an S3 API.
	//
	// Authentication is unconfigurable, the ListObjectsV2 API must be publicly
	// accessible.
	URL string `json:"url" yaml:"url"`
	// Allowlist is a list of ecosystems to allow. When this is unset, all are
	// allowed.
	//
	// Extant ecosystems are discovered at runtime, see the OSV Schema
	// (https://ossf.github.io/osv-schema/) for the current list.
	Allowlist []string `json:"allowlist" yaml:"allowlist"`
}

Config is the configuration that this updater accepts.

By convention, it's at a key called "osv".

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL