Surface all OSV schema fields on vulnerability details.
oliverchang opened this issue
Right now the vulnerabilities page is missing rendering of several fields that are part of the OSV JSON.
E.g.
- purl: https://ossf.github.io/osv-schema/#affectedpackage-field
- per-range ecosystem/database_specific: https://ossf.github.io/osv-schema/#affectedecosystem_specific-field
- Credits: https://ossf.github.io/osv-schema/#credits-fields
- Severity: https://ossf.github.io/osv-schema/#severity-field
- And probably more.
I'm planning to work on this issue.
Regarding per-range ecosystem/database_specific, if I understand it correctly, currently both ecosystem_specific and database_specific are displayed if provided:
osv.dev/gcp/appengine/frontend3/src/templates/vulnerability.html
Lines 133 to 156 in 0f4e0c2
Do we need to expose the top-level database_specific field (https://ossf.github.io/osv-schema/#database_specific-field)?
Yes, we should expose the top level database specific field, though I'm not sure which entries have a top level database specific field.
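
The fields listed in this issue sit at three different levels of an OSV record (top level, per `affected` entry, and per range). The sketch below walks a record and reports each one with its JSON path. It is an added example, not code from this thread or from the osv.dev code base; `collect_fields` and the sample record are constructed for illustration.

```python
"""Walk an OSV record and list the fields named in this issue, with their location."""

# Constructed sample record (not a real advisory); field names follow the OSV schema.
SAMPLE = {
    "id": "EXAMPLE-0000-0001",
    "severity": [{"type": "CVSS_V3",
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],
    "credits": [{"name": "Jane Doe", "contact": ["https://example.com/jane"]}],
    "database_specific": {"source": "constructed"},
    "affected": [{
        "package": {"ecosystem": "PyPI", "name": "example-pkg",
                    "purl": "pkg:pypi/example-pkg"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "1.2.3"}],
                    "database_specific": {"note": "per-range"}}],
        "ecosystem_specific": {"note": "per-affected"},
        "database_specific": {"note": "per-affected"},
    }],
}


def collect_fields(record):
    """Return (json_path, value) pairs for every field from the issue that is set."""
    found = []

    def take(obj, key, path):
        # Report only keys that are present and non-empty, so a view can skip the rest.
        if isinstance(obj, dict) and obj.get(key):
            found.append((f"{path}{key}", obj[key]))

    # Top-level fields.
    for key in ("severity", "credits", "database_specific"):
        take(record, key, "")
    for i, affected in enumerate(record.get("affected", [])):
        base = f"affected[{i}]."
        take(affected.get("package", {}), "purl", base + "package.")
        # Per-affected free-form objects.
        for key in ("ecosystem_specific", "database_specific"):
            take(affected, key, base)
        # Per-range free-form object.
        for j, rng in enumerate(affected.get("ranges", [])):
            take(rng, "database_specific", f"{base}ranges[{j}].")
    return found


if __name__ == "__main__":
    for path, value in collect_fields(SAMPLE):
        print(f"{path}: {value}")
```

`ecosystem_specific` and `database_specific` are free-form JSON supplied by the source database, so whatever renders them should treat the values as untrusted and escape them on output.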