Implement OSV in the classical Scanner workflow #190
Assignees
Labels
Comments
fraxken
added
enhancement
This was referenced Nov 30, 2023
|
API has been added in #216. The big question now is how can we use in a normal workflow when running a strategy like NPM Audit and then we also want to assert all packages using OSV database? We probably need to get a list of packages using Arborist and then batch a request to OSV (launching too many request could be a big problem too). |
fraxken
changed the title
fraxken
added
help wanted
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add a new strategy / set of API to support the new OpenSSF project OSV: https://osv.dev/
Also see the official GitHub repository: https://github.com/ossf/malicious-packages
The text was updated successfully, but these errors were encountered: