Add the OCaml/OPAM advisory database #4581
Description
-
Prepare your data - refer to the OSV Schema documentation for information on how to properly format the data so it can be accepted.
-
Create a PR to reserve an ID prefix and define a new ecosystem (example). We review the records you start publishing for OSV Schema correctness and quality as part of reviewing and merging this PR.
- done and merged at Add the OPAM / OCaml ecosystem ossf/osv-schema#473
-
Prepare and publish your records via a Git repository (example). If this method isn’t ideal, we also support publishing records from REST API endpoints or through a GCS bucket(example).
- The datasource is located at https://github.com/ocaml/security-advisories. The branch "generated-osv" is automatically enhanced whenever a new advisory is merged to the main branch. That branch consists of one directory per year which contains the advisories, each in a separate file (OSEC-YEAR-NN).
-
To support API querying, please create a PR to extend purl_helpers.py and create a new ecosystem in _ecosystems.py. You can refer to existing examples showing how to implement support for Semver and non-Semver ecosystems.
-
Create a PR to start importing the records you are publishing into our test instance of OSV.dev and validate everything is working as intended there.
-
Create a PR to start importing the records you are publishing into our production environment