Greetings all,

 

I just moved the SPDX to OSV utility from my personal repo over to SPDX.
This is a utility that will take an SPDX 2.2 or earlier document and query
the Open Source Vulnerability <https://osv.dev/> database for potential
vulnerabilities.

 

If you are accessing the remote repo, you will need to update the remote to
https://github.com/spdx/spdx-to-osv

 

It is still a bit of a prototype, but Brandon Lum has made some good
improvements and may provide a useful example or library for those looking
for examples on how to use SPDX to access SPDX vulnerability information in
external services or databases.

 

Once SPDX 2.3 is released, we plan to update the utility to use the new
format for more precise access to OSV.

 

Let me know if you have any questions or concerns.

 

Best regards,

Gary

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: [email protected]
