Skip to content

enhance(cve-feed): re-organize code and cut srctl osv blob into cve feed#191

Open
Daniel-Giszpenc wants to merge 3 commits into
kubernetes:mainfrom
Daniel-Giszpenc:add-osv-info-to-cve-json-feed
Open

enhance(cve-feed): re-organize code and cut srctl osv blob into cve feed#191
Daniel-Giszpenc wants to merge 3 commits into
kubernetes:mainfrom
Daniel-Giszpenc:add-osv-info-to-cve-json-feed

Conversation

@Daniel-Giszpenc

Copy link
Copy Markdown
Contributor

Issue: tooling: add the OSV CVE information to the official CVE feed #177

Work Done:

  • add JSON OSV blob to the CVE JSON feed under the custom _kubernetes_io object
  • organize fetch code into into functions in a way that felt more readable and cleanly segmented step by step

Work Not Done Yet:

  • osv source object
  • pull osv from cve-feed-osv repo when not available in github issue
  • readme improvement for contributing to the tool

A lot of the work I did here was just going off of PR #183 which itself was going off of PR #181. This PR should close both of these mentioned PRs when completed.

Considering the scale of refactor I did to cleanup in what is my personalized view and some work not being done yet this is only a draft for now but feedback is very welcome.

- add JSON OSV blob to the CVE JSON feed
- organize fetch code into  into functions in a way that felt more readable and cleanly segmented step by step
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 13, 2026
@k8s-ci-robot

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Daniel-Giszpenc
Once this PR has been reviewed and has the lgtm label, please assign iancoldwater for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 13, 2026
@k8s-ci-robot

Copy link
Copy Markdown
Contributor

Hi @Daniel-Giszpenc. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 13, 2026
@Daniel-Giszpenc

Copy link
Copy Markdown
Contributor Author

Didn't realize making the PR myself wouldn't assign me, my bad.
/assign

- add error handling for json handling
- add fetch from cve-feed-osv repo feature
- add osv_generator to _kubernetes_io object
@Daniel-Giszpenc
Daniel-Giszpenc marked this pull request as ready for review April 15, 2026 16:58
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 15, 2026
@PushkarJ

Copy link
Copy Markdown
Member

Thanks for picking up the changes from my draft PR and grouping all of the other changes here.

If you don't mind, I would appreciate being added as co-author for this commit: 002c39d like this: https://docs.github.com/en/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-with-multiple-authors

OR you can cherry-pick commit instead https://gist.github.com/jrussellsmyth/3e50150bc14483fbbb7765be02e3f510

@mtardy fyi in case you have any suggestions or opinions

Co-Authored-By: Pushkar Joglekar <3390906+PushkarJ@users.noreply.github.com>
@Daniel-Giszpenc
Daniel-Giszpenc force-pushed the add-osv-info-to-cve-json-feed branch from 002c39d to a8f4a3b Compare May 1, 2026 16:13
@Daniel-Giszpenc

Copy link
Copy Markdown
Contributor Author

Happy to help. Is the way I fixed the commit to add you as co-author good or should I do something else? @PushkarJ

@PushkarJ

PushkarJ commented May 1, 2026

Copy link
Copy Markdown
Member

Happy to help. Is the way I fixed the commit to add you as co-author good or should I do something else? @PushkarJ

Yes. Thanks for doing this :)

@PushkarJ

Copy link
Copy Markdown
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 14, 2026

@mtardy mtardy left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Considering the scale of refactor I did to cleanup in what is my personalized view and some work not being done yet this is only a draft for now but feedback is very welcome.

I'd say if you can minimize refactor and churn and just add the needed work that would be ideal. Churn or refactor is a price to pay if we don't have any other way of doing things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants