Import container/helm vulnerabilities from ArtifactHub.io #2666
Assignees
Labels
backlog
Important but currently unprioritized
datasource
Requests for new data sources
enhancement
New feature or request
Comments
|
Thanks for the endorsement and for raising this with Artifacthub.io as well. We're largely dependent on them choosing to publish OSV records before we can move this forward... |
andrewpollock
added
datasource
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently, osv.dev doesn't have much information about container image vulnerabilities.
At the same time Artifacthub.io runs trivy to scan container images1, would be great to be able to see vulnerability information collected by Artifacthub in osv.dev.
Describe the solution you'd like
Integrate Artifacthub as datasource for vulnerabilities using Security Report API2
Describe alternatives you've considered
Fetching vulnerability information directly form ArtifactHub API2
Additional context
Footnotes
https://artifacthub.io/docs/topics/security_report/ ↩
https://artifacthub.io/docs/api/#/Packages/getPackageSecurityReport ↩ ↩2
The text was updated successfully, but these errors were encountered: