data-platform team mailing list archive

Thread
Date

OSV/VEX data generation for mongodb-* PPAs

To: Mykola Marzhan <mykola.marzhan@xxxxxxxxxxxxx>, data-platform@xxxxxxxxxxxxxxxxxxx
From: Nick Galanis <nick.galanis@xxxxxxxxxxxxx>
Date: Mon, 7 Oct 2024 12:22:35 +0100
Cc: customer-ppa-security-crew@xxxxxxxxxxxxxxxxxxx

Hello,

The security team is working on the OSV/VEX formats data generation for the
various artifacts we maintain.

Both of those formats aim towards better vulnerability disclosure and more
detailed information, are JSON files, human readable and machine parseable.
Examples can be found here
<https://github.com/canonical/ubuntu-security-notices> for archive packages
and CVEs.

In your case, to store this data, 2 endpoints will be available to consume
from:

    1. The same place where OVAL files are currently being generated.
    2. A launchpad repo under your LP team, which will be named
*vulnerability-data *and will receive bi-daily updates.

Feel free to reply to this email asking questions regarding the formats and
their distribution.

-- 

[image: Canonical-20th-anniversary]

Nick Galanis

Software Engineer I - Security Engineering

Email:

nick.galanis@xxxxxxxxxxxxx

Location:

London, United Kingdom

Mobile:

+44 07521205965

canonical.com

ubuntu.com