diff --git a/README.md b/README.md
index 40f7136a..4af79d5b 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@ This format is currently exported by:
- [Bitnami Vulnerability Database](https://github.com/bitnami/vulndb)
- [Chainguard](https://packages.cgr.dev/chainguard/osv/all.json)
- [Curl](https://curl.se/docs/vuln.json)
+- [Echo](https://advisory.echohq.com/osv/all.json)
- [GitHub Security Advisories](https://github.com/github/advisory-database)
- [Global Security Database](https://github.com/cloudsecurityalliance/gsd-database)
- [Go Vulnerability Database](https://github.com/golang/vulndb)
@@ -39,6 +40,7 @@ Together, these include vulnerabilities from:
- Chainguard
- crates.io
- Debian GNU/Linux
+- Echo
- GitHub Actions
- Go
- Haskell
diff --git a/bindings/go/osvschema/constants.go b/bindings/go/osvschema/constants.go
index 9462838f..4d47f6f8 100644
--- a/bindings/go/osvschema/constants.go
+++ b/bindings/go/osvschema/constants.go
@@ -17,6 +17,7 @@ const (
EcosystemCRAN Ecosystem = "CRAN"
EcosystemCratesIO Ecosystem = "crates.io"
EcosystemDebian Ecosystem = "Debian"
+ EcosystemEcho Ecosystem = "Echo"
EcosystemGHC Ecosystem = "GHC"
EcosystemGitHubActions Ecosystem = "GitHub Actions"
EcosystemGo Ecosystem = "Go"
diff --git a/docs/schema.md b/docs/schema.md
index c6279c84..2e7a9690 100644
--- a/docs/schema.md
+++ b/docs/schema.md
@@ -245,6 +245,17 @@ The defined database prefixes and their "home" databases are:
+
+ ECHO |
+ Echo Security Advisory Database |
+
+
+ - How to contribute: TBD
+ - Source URL: TBD
+ - OSV Formatted URL:
https://advisory.echohq.com/osv/<ID>.json
+
+ |
+
ELA |
Debian Extended LTS Security Advisories (provided by Freexian) |
@@ -789,6 +800,7 @@ The defined ecosystems are:
| `CRAN` | The R package ecosystem. The `name` is an R package name. |
| `crates.io` | The crates.io ecosystem for Rust; the `name` field is a crate name. |
| `Debian` | The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:` suffix to scope the package to a particular Debian release. `` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string "Debian:7" refers to the Debian 7 (wheezy) release. |
+| `Echo` | The Echo package ecosystem; the `name` is the name of the source package. |
| `GHC` | The Haskell compiler ecosystem. The `name` field is the name of a component of the GHC compiler ecosystem (e.g., compiler, GHCI, RTS). |
| `GitHub Actions` | The GitHub Actions ecosystem; the `name` field is the action's repository name with owner e.g. `{owner}/{repo}`. |
| `Go` | The Go ecosystem; the `name` field is a Go module path. |
diff --git a/ecosystems.json b/ecosystems.json
index c5fb7ce1..56306df1 100644
--- a/ecosystems.json
+++ b/ecosystems.json
@@ -11,6 +11,7 @@
"CRAN": "The R package ecosystem. The `name` is an R package name.",
"crates.io": "The crates.io ecosystem for Rust; the `name` field is a crate name.",
"Debian": "The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:` suffix to scope the package to a particular Debian release. `` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string \"Debian:7\" refers to the Debian 7 (wheezy) release.",
+ "Echo": "The Echo package ecosystem; the `name` is the name of the source package.",
"GHC": "The Haskell compiler ecosystem. The `name` field is the name of a component of the GHC compiler ecosystem (e.g., compiler, GHCI, RTS).",
"GitHub Actions": "The GitHub Actions ecosystem; the `name` field is the action's repository name with owner e.g. `{owner}/{repo}`.",
"Go": "The Go ecosystem; the `name` field is a Go module path.",
diff --git a/tools/osv-linter/internal/checks/schema_generated.json b/tools/osv-linter/internal/checks/schema_generated.json
index b30a9ef6..e5f1fd84 100644
--- a/tools/osv-linter/internal/checks/schema_generated.json
+++ b/tools/osv-linter/internal/checks/schema_generated.json
@@ -341,6 +341,7 @@
"CRAN",
"crates.io",
"Debian",
+ "Echo",
"GHC",
"GitHub Actions",
"Go",
@@ -377,7 +378,7 @@
"type": "string",
"title": "Currently supported ecosystems",
"description": "These ecosystems are also documented at https://ossf.github.io/osv-schema/#affectedpackage-field",
- "pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|ConanCenter|CRAN|crates\\.io|Debian|GHC|GitHub Actions|Go|Hackage|Hex|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|Wolfi|GIT)(:.+)?$"
+ "pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|ConanCenter|CRAN|crates\\.io|Debian|Echo|GHC|GitHub Actions|Go|Hackage|Hex|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|Wolfi|GIT)(:.+)?$"
},
"prefix": {
"type": "string",
diff --git a/validation/schema.json b/validation/schema.json
index b30a9ef6..e5f1fd84 100644
--- a/validation/schema.json
+++ b/validation/schema.json
@@ -341,6 +341,7 @@
"CRAN",
"crates.io",
"Debian",
+ "Echo",
"GHC",
"GitHub Actions",
"Go",
@@ -377,7 +378,7 @@
"type": "string",
"title": "Currently supported ecosystems",
"description": "These ecosystems are also documented at https://ossf.github.io/osv-schema/#affectedpackage-field",
- "pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|ConanCenter|CRAN|crates\\.io|Debian|GHC|GitHub Actions|Go|Hackage|Hex|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|Wolfi|GIT)(:.+)?$"
+ "pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|ConanCenter|CRAN|crates\\.io|Debian|Echo|GHC|GitHub Actions|Go|Hackage|Hex|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|Wolfi|GIT)(:.+)?$"
},
"prefix": {
"type": "string",