Comment by meander_water
Comment by meander_water 5 days ago
Kudos, this looks like a great product. I'm going to try it out today. Is there a reason why you only consume OSV and not CVE data?
We felt that the OSV schema is designed with security tooling and automation as its primary design goal. Specifically for our use-case, it captures the package name and versions using a standardised schema. Also, we saw adoption of OSV by package ecosystems like Python, Go, etc.
While CVE is still the largest database of vulnerabilities, we felt OSV is good enough to identify most recent vulnerabilities.