
OSV metadata parsing issues #1

Open
kpauljoseph wants to merge 1 commit into kpauljoseph:main from guidewire-oss:osv-metadata-parsing-issues


@kpauljoseph
Owner

Description of the PR

PR Checklist

  • All commits have a Developer Certificate of Origin (DCO) -- they are generated using -s flag to git commit.
  • All new changes are covered by tests
  • If GraphQL schema is changed, make generate has been run
  • If GraphQL schema is changed, GraphQL client updates/additions have been made
  • If OpenAPI spec is changed, make generate has been run
  • If ent schema is changed, make generate has been run
  • If collectsub protobuf has been changed, make proto has been run
  • All CI checks are passing (tests and formatting)
  • All dependent PRs have already been merged

when you enable --add-vuln-metadata flag for osv certifier, it is
encountering issues when parsing score due to score method mismatch
between the supplied value from OSV and the actual score in case of CVSS
scores. Also there are unsupported score types like "ubuntu". All these
result in score parsing error which results in entire vulnerability
being skipped from ingestion, instead more correct thing to do might be
to ingest at least the vulnerability id and whichever scores are
successfully parsed and log the warning messages for unsupported scores.
fixes guacsec#2751

Signed-off-by: Shreyas Pandya <pandyashreyas1@gmail.com>
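
The tolerant parsing described in the commit message above, sketched as an added example; it is not code from this pull request or from the project. It assumes OSV `severity` entries of the form `{type, score}` with CVSS vector strings as scores; the function names, the method labels and the record id are hypothetical, and no numeric score is computed.

```go
package main

import (
	"fmt"
	"strings"
)

// Severity is one entry of an OSV record's "severity" array.
type Severity struct{ Type, Score string }
// Parsed is a kept score; Method comes from the vector, not the declared Type.
type Parsed struct{ Method, Vector string }

// methodFromVector reads the CVSS version from the vector prefix (labels are illustrative).
func methodFromVector(v string) (string, bool) {
	for prefix, method := range map[string]string{
		"CVSS:4.0/": "CVSS_V4.0", "CVSS:3.1/": "CVSS_V3.1",
		"CVSS:3.0/": "CVSS_V3.0", "AV:": "CVSS_V2", // v2 vectors carry no version prefix
	} {
		if strings.HasPrefix(v, prefix) {
			return method, true
		}
	}
	return "", false
}

// ParseSeverities keeps every classifiable score and warns about the rest, so one bad entry never drops the record.
func ParseSeverities(id string, sevs []Severity) (kept []Parsed, warnings []string) {
	for _, s := range sevs {
		method, ok := methodFromVector(s.Score)
		switch {
		case !strings.HasPrefix(s.Type, "CVSS_"):
			warnings = append(warnings, fmt.Sprintf("%s: unsupported score type %q skipped", id, s.Type))
		case !ok:
			warnings = append(warnings, fmt.Sprintf("%s: unrecognised %s vector skipped", id, s.Type))
		default:
			if !strings.HasPrefix(method, s.Type) {
				warnings = append(warnings, fmt.Sprintf("%s: declared %s but vector is %s", id, s.Type, method))
			}
			kept = append(kept, Parsed{method, s.Score})
		}
	}
	return kept, warnings
}

func main() { // constructed sample: placeholder id, made-up entries
	fmt.Println(ParseSeverities("EXAMPLE-0000-0001", []Severity{
		{"CVSS_V3", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
		{"CVSS_V2", "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
		{"Ubuntu", "medium"}}))
}
```

The caller ingests the vulnerability id together with `kept` and logs `warnings`, rather than returning an error on the first entry it cannot parse.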
