This repository contains tools, libraries and protocol buffer definitions to work with the Open Source Vulnerabilities format.
This repository contains libraries to read OSV data generated from the protocol buffer definitions. For now we are only generating go modules, read below if you need others.
The go module can be imported as:
go get github.com/carabiner-dev/osv
The main osv module maintains type aliases to all the major types defined in the protocol buffers definition. This means that this:
package main
import(
"github.com/carabiner-dev/osv/go/osv"
)
var r = osv.Record{}will always give you a record of the latest support version. If you want a more deterministic behavior, you can always use the versioned types:
package main
import(
osv "github.com/carabiner-dev/osv/go/osv/v1_6_7"
)
var r = osv.Record{} // This will always be a v1.6.7 recordThe main module offers a simple parser that can parse results sets:
package main
import(
"github.com/carabiner-dev/osv/go/osv"
)
func main() {
f, err := os.Open("osv-data.json")
if err != nil {
os.Exit(1)
}
// Create new parser
parser := osv.NewParser()
// Parse the OSV data
results, err := parse.ParseRestultsFromStream(f)
}There are currently no plans to generate code for other languages but feel free to file an issue or open a PR if you need them.
If you want to regenerate the code from the protocol definition, the
repository has a buf configuration that takes care of storing and naming
files.
Install the latest version of the buf CLI
and generate the libraries from the top of the repo:
buf generate