Documentation
¶
Overview ¶
Package osv is an updater for OSV-formatted advisories.
Index ¶
Constants ¶
View Source
const DefaultURL = `https://osv-vulnerabilities.storage.googleapis.com/`
DefaultURL is the S3 bucket provided by the OSV project.
Variables ¶
View Source
var Factory driver.UpdaterSetFactory = &factory{}
Factory is the UpdaterSetFactory exposed by this package.
All configuration is done on the returned updaters. See the Config type.
Functions ¶
Types ¶
type Config ¶
type Config struct {
// The URL serving data dumps behind an S3 API.
//
// Authentication is unconfigurable, the ListObjectsV2 API must be publicly
// accessible.
URL string `json:"url" yaml:"url"`
// Allowlist is a list of ecosystems to allow. When this is unset, all are
// allowed.
//
// Extant ecosystems are discovered at runtime, see the OSV Schema
// (https://ossf.github.io/osv-schema/) or the "ecosystems.txt" file in the
// OSV data for the current list.
Allowlist []string `json:"allowlist" yaml:"allowlist"`
}
Config is the configuration that this updater accepts.
By convention, it's at a key called "osv".
Source Files
Click to show internal directories.
Click to hide internal directories.