-
Notifications
You must be signed in to change notification settings - Fork 190
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(blog): api queries for more linux distros (#2760)
Add a blog post: api queries for more linux distros --------- Co-authored-by: Andrew Pollock <[email protected]>
- Loading branch information
1 parent
cf73474
commit a58c0bf
Showing
1 changed file
with
24 additions
and
0 deletions.
There are no files selected for viewing
24 changes: 24 additions & 0 deletions
24
...ngine/blog/content/posts/announcing-api-queries-for-more-linux-distros/index.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
title: "API Queries for More Linux Distributions" | ||
date: 2024-10-22T00:00:00Z | ||
draft: false | ||
author: Holly Gong | ||
--- | ||
|
||
We're excited to announce that OSV.dev's API now allows you to query all our supported Linux distributions! From now on, any new Linux distribution adopting the OSV Schema will be instantly available for querying as soon as it's imported by OSV.dev! | ||
<!--more--> | ||
|
||
2024 has seen significant adoption of the OSV Schema from prominent Linux distributions such as [Ubuntu](https://openssf.org/blog/2024/06/11/ubuntu-security-notices-now-available-in-osv/), [Chainguard/Wolfi](https://openssf.org/blog/2024/07/03/chainguard-enhances-security-with-osv-advisory-feed/), and [SUSE/openSUSE](https://www.suse.com/support/update/). In particular, Ubuntu provides us with both [Ubuntu Security Notices](https://ubuntu.com/security/notices) (identified as `USN-`) and [Ubuntu CVE Tracker](https://ubuntu.com/security/cves) (identified as `UBUNTU-CVE-`) to cover fixed and unfixed vulnerabilities. Chainguard/Wolfi and SUSE/openSUSE have also recently adopted the OSV Schema. This increased community adoption allows us to expand our Linux distribution vulnerability coverage significantly. | ||
|
||
Although we had expanded our coverage of Linux distributions, we didn't support API queries for many of them due to limitations in our query implementation. Specifically, the OSV.dev API relied solely on enumerated affected versions for package version queries, requiring version enumeration functions to be implemented for each ecosystem. This approach was difficult to scale and limited our API queries to only Debian, Ubuntu, and Alpine. As a result, the lack of API query support for other Linux distributions created a barrier for users accessing the available data. | ||
|
||
To overcome the limitations of our previous implementation, we developed a new [affected range matching method](https://github.com/google/osv.dev/issues/2401). This new method eliminates the need for version enumeration, allowing us to support queries for a wider range of Linux distributions. As a result, OSV.dev now supports package version queries across all our Linux distributions, including Rocky Linux, AlmaLinux, Chainguard/Wolfi, and SUSE/openSUSE. Furthermore, with this new method, any new Linux distribution that publishes vulnerabilities in the OSV Schema and is imported by OSV.dev in the future will be immediately queryable. | ||
|
||
```bash | ||
curl -d \ | ||
'{"package": {"name": "nodejs", "ecosystem": "AlmaLinux"}, | ||
"version": "1:16.13.1-3.module_el8.5.0+2605+45d748af"}' \ | ||
https://api.osv.dev/v1/query | ||
``` | ||
|
||
This year, the OSV team has had a big focus on container image scanning. With the improved Linux distribution data and API query capabilities, we will deliver even better results for container image scanning. In our next update on container image scanning, we'll dive deeper into base image identification and layer attribution. Additionally, we'll unveil a new output format for OSV-Scanner. Stay tuned for more! |