git: 714747f016 - main - Status/2025Q4/osv.adoc: Add report
Date: Tue, 30 Dec 2025 10:22:53 UTC
The branch main has been updated by salvadore:
URL: https://cgit.FreeBSD.org/doc/commit/?id=714747f016a678bc3b230b4f180e249c9ac246b0
commit 714747f016a678bc3b230b4f180e249c9ac246b0
Author: Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
AuthorDate: 2025-12-30 10:15:20 +0000
Commit: Lorenzo Salvadore <salvadore@FreeBSD.org>
CommitDate: 2025-12-30 10:15:20 +0000
Status/2025Q4/osv.adoc: Add report
Differential Revision: https://reviews.freebsd.org/D54344
---
.../en/status/report-2025-10-2025-12/osv.adoc | 26 ++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/website/content/en/status/report-2025-10-2025-12/osv.adoc b/website/content/en/status/report-2025-10-2025-12/osv.adoc
new file mode 100644
index 0000000000..daa26103b1
--- /dev/null
+++ b/website/content/en/status/report-2025-10-2025-12/osv.adoc
@@ -0,0 +1,26 @@
+=== Converting VuXML to Open Source Vulnerability database
+
+Links: +
+link:https://github.com/illuusio/freebsd-osv/blob/main/db/freebsd-osv.json[FreeBSD OSV database for pkg] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/db/freebsd-osv.json[] +
+link:https://github.com/illuusio/freebsd-osv/tree/main/md/2025[FreeBSD Vulnerabilities for year 2025 in Markdown/Commonmark format] URL: link:https://github.com/illuusio/freebsd-osv/tree/main/md/2025[] +
+link:https://github.com/illuusio/freebsd-osv/blob/main/bin/osvf-tool.lua[Lua OSV tool] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/bin/osvf-tool.lua[] +
+link:https://github.com/illuusio/freebsd-osv/blob/main/bin/convert_vuxml.py[Python VuXML to OSV conversion tool] URL: link:https://github.com/illuusio/freebsd-osv/blob/main/bin/convert_vuxml.py[] +
+link:https://github.com/freebsd/pkg/pull/2558[pkg PR for OSV] URL: link:https://github.com/freebsd/pkg/pull/2558[] +
+link:https://github.com/ossf/osv-schema/pull/237[OSV Schema pull request] URL: link:https://github.com/ossf/osv-schema/pull/237[] +
+link:https://github.com/google/osv.dev/issues/3901[OSV issue to track down OSV integration in Google OSV Github repository] URL: link:https://github.com/google/osv.dev/issues/3901[] +
+link:https://github.com/package-url/purl-spec/pull/496[FreeBSD PURL effort] URL: link:https://github.com/package-url/purl-spec/pull/496[]
+
+Contact: Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
+
+The Open Source Vulnerability database effort has been ongoing since May. The target for this effort was to produce an OSV database and retire the old VuXML database format.
+
+Currently, there is a test database and a pull request for man:pkg[8]. The test database can be updated from VuXML and converted to OSV JSON format. Needed tooling to update and create a merged database file for pkg is complete. There is also exporting for Commonmark which renders fine in Github.
+
+Additionally, upstream support for FreeBSD in the OSV Schema has been implemented, allowing OSV files to be validated against official sources. There has also been an effort for PURL that is slowly moving forward.
+
+If you want to help with this project, here are some tasks:
+
+- Verify that conversion from VuXML to OSV is accurate
+- Verify that pkg can use the OSV database and produces correct output
+
+Sponsor: The FreeBSD Foundation
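Review bot: the two help tasks at the end ("Verify that conversion from VuXML to OSV is accurate" and "Verify that pkg can use the OSV database and produces correct output") do not tell a volunteer what to run or where to report a mismatch. Consider naming the entry points that are already in the Links block, the Python VuXML to OSV conversion tool for the first task and the pkg PR for the second, and saying whether findings should go to the GitHub repository or to the contact address. Smaller points in the body text: "ongoing since May" should carry the year, since the report will be read from the archive later; "The target for this effort was to produce an OSV database" reads as if the work were finished while the next paragraph describes a test database and an open pull request, so "is" fits better; and "Github" (in the OSV issue link text and in "renders fine in Github") and "Commonmark" should be spelled "GitHub" and "CommonMark".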