Skip to content

Commit 70e4f36

Browse files
orizerahorizerah
authored
Add Echo Ecosystem (#394)
Issue reference: google/osv.dev#3780 --------- Signed-off-by: Ori Zerah <[email protected]>
1 parent d671870 commit 70e4f36

File tree

6 files changed

+20
-2
lines changed

6 files changed

+20
-2
lines changed

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ This format is currently exported by:
88
- [Bitnami Vulnerability Database](https://github.com/bitnami/vulndb)
99
- [Chainguard](https://packages.cgr.dev/chainguard/osv/all.json)
1010
- [Curl](https://curl.se/docs/vuln.json)
11+
- [Echo](https://advisory.echohq.com/osv/all.json)
1112
- [GitHub Security Advisories](https://github.com/github/advisory-database)
1213
- [Global Security Database](https://github.com/cloudsecurityalliance/gsd-database)
1314
- [Go Vulnerability Database](https://github.com/golang/vulndb)
@@ -39,6 +40,7 @@ Together, these include vulnerabilities from:
3940
- Chainguard
4041
- crates.io
4142
- Debian GNU/Linux
43+
- Echo
4244
- GitHub Actions
4345
- Go
4446
- Haskell

bindings/go/osvschema/constants.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ const (
1717
EcosystemCRAN Ecosystem = "CRAN"
1818
EcosystemCratesIO Ecosystem = "crates.io"
1919
EcosystemDebian Ecosystem = "Debian"
20+
EcosystemEcho Ecosystem = "Echo"
2021
EcosystemGHC Ecosystem = "GHC"
2122
EcosystemGitHubActions Ecosystem = "GitHub Actions"
2223
EcosystemGo Ecosystem = "Go"

docs/schema.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -245,6 +245,17 @@ The defined database prefixes and their "home" databases are:
245245
</ul>
246246
</td>
247247
</tr>
248+
<tr>
249+
<td><code>ECHO</code></td>
250+
<td><a href="https://advisory.echohq.com/osv/all.json">Echo Security Advisory Database</a></td>
251+
<td>
252+
<ul>
253+
<li>How to contribute: TBD</li>
254+
<li>Source URL: TBD</li>
255+
<li>OSV Formatted URL: <code>https://advisory.echohq.com/osv/&lt;ID&gt;.json</code></li>
256+
</ul>
257+
</td>
258+
</tr>
248259
<tr>
249260
<td><code>ELA</code></td>
250261
<td><a href="https://www.freexian.com/lts/extended/">Debian Extended LTS Security Advisories (provided by Freexian)</a></td>
@@ -789,6 +800,7 @@ The defined ecosystems are:
789800
| `CRAN` | The R package ecosystem. The `name` is an R package name. |
790801
| `crates.io` | The crates.io ecosystem for Rust; the `name` field is a crate name. |
791802
| `Debian` | The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:<RELEASE>` suffix to scope the package to a particular Debian release. `<RELEASE>` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string "Debian:7" refers to the Debian 7 (wheezy) release. |
803+
| `Echo` | The Echo package ecosystem; the `name` is the name of the source package. |
792804
| `GHC` | The Haskell compiler ecosystem. The `name` field is the name of a component of the GHC compiler ecosystem (e.g., compiler, GHCI, RTS). |
793805
| `GitHub Actions` | The GitHub Actions ecosystem; the `name` field is the action's repository name with owner e.g. `{owner}/{repo}`. |
794806
| `Go` | The Go ecosystem; the `name` field is a Go module path. |

ecosystems.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111
"CRAN": "The R package ecosystem. The `name` is an R package name.",
1212
"crates.io": "The crates.io ecosystem for Rust; the `name` field is a crate name.",
1313
"Debian": "The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:<RELEASE>` suffix to scope the package to a particular Debian release. `<RELEASE>` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string \"Debian:7\" refers to the Debian 7 (wheezy) release.",
14+
"Echo": "The Echo package ecosystem; the `name` is the name of the source package.",
1415
"GHC": "The Haskell compiler ecosystem. The `name` field is the name of a component of the GHC compiler ecosystem (e.g., compiler, GHCI, RTS).",
1516
"GitHub Actions": "The GitHub Actions ecosystem; the `name` field is the action's repository name with owner e.g. `{owner}/{repo}`.",
1617
"Go": "The Go ecosystem; the `name` field is a Go module path.",

tools/osv-linter/internal/checks/schema_generated.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -341,6 +341,7 @@
341341
"CRAN",
342342
"crates.io",
343343
"Debian",
344+
"Echo",
344345
"GHC",
345346
"GitHub Actions",
346347
"Go",
@@ -377,7 +378,7 @@
377378
"type": "string",
378379
"title": "Currently supported ecosystems",
379380
"description": "These ecosystems are also documented at https://ossf.github.io/osv-schema/#affectedpackage-field",
380-
"pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|ConanCenter|CRAN|crates\\.io|Debian|GHC|GitHub Actions|Go|Hackage|Hex|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|Wolfi|GIT)(:.+)?$"
381+
"pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|ConanCenter|CRAN|crates\\.io|Debian|Echo|GHC|GitHub Actions|Go|Hackage|Hex|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|Wolfi|GIT)(:.+)?$"
381382
},
382383
"prefix": {
383384
"type": "string",

validation/schema.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -341,6 +341,7 @@
341341
"CRAN",
342342
"crates.io",
343343
"Debian",
344+
"Echo",
344345
"GHC",
345346
"GitHub Actions",
346347
"Go",
@@ -377,7 +378,7 @@
377378
"type": "string",
378379
"title": "Currently supported ecosystems",
379380
"description": "These ecosystems are also documented at https://ossf.github.io/osv-schema/#affectedpackage-field",
380-
"pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|ConanCenter|CRAN|crates\\.io|Debian|GHC|GitHub Actions|Go|Hackage|Hex|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|Wolfi|GIT)(:.+)?$"
381+
"pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|ConanCenter|CRAN|crates\\.io|Debian|Echo|GHC|GitHub Actions|Go|Hackage|Hex|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|Wolfi|GIT)(:.+)?$"
381382
},
382383
"prefix": {
383384
"type": "string",

0 commit comments

Comments
 (0)