Certifier - OSV Scanner API for batch querying #323

Closed
pxp928 opened this issue Jan 18, 2023 · 7 comments · Fixed by #383
Labels
long-term Things for the future

Comments

@pxp928
Collaborator

pxp928 commented Jan 18, 2023

Currently, the OSV Scanner querying API is copied as an internal file. Working with upstream maintainers to determine a path forward to remove this file.

Continuation from PR comment:
#245 (comment)

cc @oliverchang

@pxp928 pxp928 added the long-term Things for the future label Jan 18, 2023
@pxp928
Collaborator Author

pxp928 commented Jan 18, 2023

Currently, OSV Scanner does not allow for a direct query for a package based on a purl. See: https://github.com/google/osv-scanner/blob/main/pkg/osvscanner/osvscanner.go#L261. Determine if there is an alternative method or if this can be added to upstream OSV scanner.

@pxp928
Collaborator Author

pxp928 commented Jan 18, 2023

FYI @lumjjb

@oliverchang

Currently our actual OSV querying code is in an internal package: https://github.com/google/osv-scanner/blob/main/internal/osv/osv.go

@another-rex would it make sense to make some of these public so other tools can call the OSV API through our client?

@another-rex

That can work. We can put it under a v1 folder under pkgs so that it's public, and if there are any breaking changes it's easy to update.

@pxp928
Collaborator Author

pxp928 commented Jan 24, 2023

Awesome, thanks @another-rex!

@another-rex

This is now merged: google/osv-scanner#167, so the library should now be public:

"github.com/google/osv-scanner/pkg/osv"

@pxp928
Collaborator Author

pxp928 commented Jan 30, 2023

Thanks, @another-rex and @oliverchang!

@kodiakhq kodiakhq bot closed this as completed in #383 Jan 30, 2023
3 participants