osv-linter additional checks #311

Open
2 of 27 tasks
andrewpollock opened this issue Nov 11, 2024 · 3 comments
@andrewpollock
Collaborator

Tracking for checks thought of, but yet to be implemented:

ranges

  • range type is correct (SEMVER is valid, GIT is valid)

ecosystems

Package existence and package version existence for:

  • AlmaLinux
  • Alpine
  • Android
  • Bitnami
  • CRAN
  • Chainguard
  • Debian
  • GitHub Actions
  • Go
  • Hackage
  • Hex
  • Maven
  • NuGet
  • Packagist
  • Pub
  • PyPI
  • Red Hat
  • Rocky Linux
  • RubyGems
  • SUSE
  • SwiftURL
  • Ubuntu
  • Wolfi
  • crates.io
  • npm
  • openSUSE
@andrewpollock andrewpollock self-assigned this Nov 11, 2024
@andrewpollock
Collaborator Author

/cc @hogo6002 FYI

@hogo6002
Contributor

ranges

  • range type is correct (SEMVER is valid, GIT is valid)

We can also use osv-scanner/semantic to do the following checks:

  • range versions are correct ecosystem versions (correct version format).
  • version range is valid (fixed version != 0 && introduced version < fixed version).

@andrewpollock
Collaborator Author

Additional ones around record metadata that occurred to me:

  • published is <= modified
  • modified is >= withdrawn

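A sketch of the range-validity and record-metadata checks proposed in the two comments above, as an added example (not code from osv-linter or osv-scanner/semantic). The names `lint`, `semver_key` and `parse_ts`, the sample record, and the simplified three-part SemVer ordering are assumptions; each `fixed` event is compared with the most recent `introduced` event in listed order.

```python
import json
from datetime import datetime

# Constructed record for illustration; not a real advisory.
RECORD = json.loads("""{
  "id": "EXAMPLE-0000-0001",
  "published": "2024-11-12T00:00:00Z",
  "modified": "2024-11-11T00:00:00Z",
  "withdrawn": "2024-11-13T00:00:00Z",
  "affected": [{"ranges": [
    {"type": "SEMVER", "events": [{"introduced": "1.4.0"}, {"fixed": "1.2.0"}]},
    {"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "0"}]},
    {"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "2.0.0"}]}]}]
}""")

def parse_ts(value):
    # OSV timestamps are RFC 3339 in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def semver_key(version):
    # Simplified ordering (assumption): numeric core only; any pre-release
    # sorts just below its release. "0" is the OSV "from the start" sentinel.
    if version == "0":
        return (-1, 0, 0, 0)
    core, _, pre = version.split("+")[0].partition("-")
    major, minor, patch = (int(part) for part in core.split("."))
    return (major, minor, patch, 0 if pre else 1)

def lint(record):
    findings = []
    ts = {k: parse_ts(record[k]) for k in ("published", "modified", "withdrawn") if k in record}
    if "published" in ts and "modified" in ts and ts["published"] > ts["modified"]:
        findings.append("published is later than modified")
    if "withdrawn" in ts and "modified" in ts and ts["modified"] < ts["withdrawn"]:
        findings.append("modified is earlier than withdrawn")
    for ai, affected in enumerate(record.get("affected", [])):
        for ri, rng in enumerate(affected.get("ranges", [])):
            if rng.get("type") != "SEMVER":
                continue
            where, introduced = f"affected[{ai}].ranges[{ri}]", None
            for event in rng.get("events", []):
                if "introduced" in event:
                    introduced = event["introduced"]
                elif event.get("fixed") == "0":
                    findings.append(f"{where}: fixed is 0")
                elif "fixed" in event and introduced is not None:
                    if semver_key(introduced) >= semver_key(event["fixed"]):
                        findings.append(f"{where}: introduced {introduced} is not below fixed {event['fixed']}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(RECORD)))
```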