diff --git a/src/assets/img/osv-logo.png b/src/assets/img/osv-logo.png
new file mode 100644
index 000000000..ba25df823
Binary files /dev/null and b/src/assets/img/osv-logo.png differ
diff --git a/src/assets/scss/_custom.scss b/src/assets/scss/_custom.scss
index 91f9795bc..5650d5423 100644
--- a/src/assets/scss/_custom.scss
+++ b/src/assets/scss/_custom.scss
@@ -104,6 +104,10 @@
background-color: #D4BBF7;
border: 1px solid #A66AF7;
}
+.label-source-google {
+ background-color: #f7bbdc;
+ border: 1px solid #cc668a;
+}
.label-source-internal {
background-color: #EBE5A8;
border: 1px solid #DCD167;
diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
index 02223923c..2ea4dea73 100644
--- a/src/i18n/locales/en.json
+++ b/src/i18n/locales/en.json
@@ -388,6 +388,7 @@
"nvd": "NVD",
"national_vulnerability_database": "National Vulnerability Database",
"github_advisories": "GitHub Advisories",
+ "osv_advisories": "Google OSV Advisories",
"repositories": "Repositories",
"cargo": "Cargo",
"composer": "Composer",
@@ -452,6 +453,8 @@
"vulnsource_nvd_feeds_url": "NVD Feeds URL",
"vulnsource_github_advisories_enable": "Enable GitHub Advisory mirroring",
"vulnsource_github_advisories_desc": "GitHub Advisories (GHSA) is a database of CVEs and GitHub-originated security advisories affecting the open source world. Dependency-Track integrates with GHSA by mirroring advisories via GitHub's public GraphQL API. The mirror is refreshed daily, or upon restart of the Dependency-Track instance. A personal access token (PAT) is required in order to authenticate with GitHub, but no scopes need to be assigned to it.",
+ "vulnsource_osv_advisories_enable": "Enable Google OSV Advisory mirroring",
+ "vulnsource_osv_advisories_desc": "Google OSV is a distributed vulnerability and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source. It serves as an aggregator of vulnerability databases that have adopted the OpenSSF Vulnerability format.",
"registered_email_address": "Registered email address",
"api_token": "API token",
"consumer_key": "Consumer key",
diff --git a/src/shared/common.js b/src/shared/common.js
index 0a1f37b6f..d30a53742 100644
--- a/src/shared/common.js
+++ b/src/shared/common.js
@@ -95,7 +95,7 @@ $common.formatCweShortLabel = function formatCweShortLabel(cweId, cweName) {
/**
* Formats and returns a specialized label for a vulnerability analyzer (OSSINDEX_ANALYZER, INTERNAL_ANALYZER, etc).
*/
-$common.formatAnalyzerLabel = function formatAnalyzerLabel(analyzer, vulnId, alternateIdentifier, referenceUrl) {
+$common.formatAnalyzerLabel = function formatAnalyzerLabel(analyzer, vulnSource, vulnId, alternateIdentifier, referenceUrl) {
if (! analyzer) {
return null;
}
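Review bot: The JSDoc block directly above the changed signature says nothing about the new `vulnSource` parameter, and because it was inserted as the second positional argument, any existing caller of `formatAnalyzerLabel` that this diff does not update will silently pass `vulnId` as `vulnSource` and shift its remaining arguments by one; only the ProjectFindings.vue call site is adjusted here, so the other call sites in the frontend should be checked. I would extend the comment with `@param` entries for `analyzer` (the analyzer identity such as `INTERNAL_ANALYZER` or `OSSINDEX_ANALYZER`), `vulnSource` (the vulnerability's source, compared against `"GITHUB"` and `"OSV"` further down), `vulnId`, `alternateIdentifier` and `referenceUrl`, plus a `@returns` line noting that `null` is returned when `analyzer` is falsy. Appending `vulnSource` as a trailing optional parameter instead would avoid the positional break for callers not touched by this change. The function body continues past the end of this hunk.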
@@ -103,7 +103,12 @@ $common.formatAnalyzerLabel = function formatAnalyzerLabel(analyzer, vulnId, alt
let analyzerUrl = null;
switch (analyzer) {
case 'INTERNAL_ANALYZER':
- analyzerLabel = "Internal";
+ analyzerLabel = vulnSource;
+ if(vulnSource === "GITHUB") {
+ analyzerUrl = "https://github.com/advisories/" + vulnId;
+ } else if(vulnSource === "OSV") {
+ analyzerUrl = "https://osv.dev/vulnerability/" + vulnId;
+ }
break;
case 'OSSINDEX_ANALYZER':
analyzerLabel = "OSS Index";
diff --git a/src/views/administration/AdminMenu.vue b/src/views/administration/AdminMenu.vue
index 4ac3a2a5a..b46559582 100644
--- a/src/views/administration/AdminMenu.vue
+++ b/src/views/administration/AdminMenu.vue
@@ -97,6 +97,11 @@
component: "VulnSourceGitHubAdvisories",
name: this.$t('admin.github_advisories'),
href: "#vulnsourceGitHubAdvisoriesTab"
+ },
+ {
+ component: "VulnSourceOSVAdvisories",
+ name: this.$t('admin.osv_advisories'),
+ href: "#vulnsourceOSVAdvisoriesTab"
}
]
},
diff --git a/src/views/administration/Administration.vue b/src/views/administration/Administration.vue
index c9cd8d33c..0c34a45c5 100644
--- a/src/views/administration/Administration.vue
+++ b/src/views/administration/Administration.vue
@@ -30,6 +30,7 @@
// Vulnerability sources
import VulnSourceNvd from "./vuln-sources/VulnSourceNvd";
import VulnSourceGitHubAdvisories from "./vuln-sources/VulnSourceGitHubAdvisories";
+ import VulnSourceOSVAdvisories from "./vuln-sources/VulnSourceOSVAdvisories";
// Repositories
import Cargo from "./repositories/Cargo";
import Composer from "./repositories/Composer";
@@ -62,7 +63,7 @@
AdminMenu, General, BomFormats, Email, InternalComponents, InternalAnalyzer, OssIndexAnalyzer, VulnDbAnalyzer,
- VulnSourceNvd, VulnSourceGitHubAdvisories,
+ VulnSourceNvd, VulnSourceGitHubAdvisories, VulnSourceOSVAdvisories,
Cargo, Composer, Gem, GoModules, Hex, Maven, Npm, Nuget, Python, Alerts, Templates, FortifySsc, DefectDojo, KennaSecurity,
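Review bot: The two new `analyzerUrl` assignments in the `INTERNAL_ANALYZER` case build a link by concatenating `vulnId` straight onto `https://github.com/advisories/` and `https://osv.dev/vulnerability/`; `vulnId` is taken from the vulnerability record, which for these two sources is mirrored advisory data, so an identifier containing `/`, `?`, `#` or whitespace would produce a link to a different path or a broken one wherever `analyzerUrl` is rendered later (that rendering is not in this hunk). Encode the identifier when it becomes a path segment: `analyzerUrl = "https://github.com/advisories/" + encodeURIComponent(vulnId);` and `analyzerUrl = "https://osv.dev/vulnerability/" + encodeURIComponent(vulnId);`. Separately, `analyzerLabel = vulnSource;` replaces the former fixed `"Internal"` text with the raw source string, so a finding whose `vulnSource` is null or undefined would now get an empty or `undefined` label where it previously read "Internal"; a fallback such as `analyzerLabel = vulnSource || "Internal";` preserves the old behaviour for that case. The enclosing `switch` and the function body continue past the end of this hunk.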
diff --git a/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
new file mode 100644
index 000000000..140d398b4
--- /dev/null
+++ b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
@@ -0,0 +1,70 @@
+ + +
diff --git a/src/views/portfolio/projects/ProjectFindings.vue b/src/views/portfolio/projects/ProjectFindings.vue
index d3196e57f..d45c9d40d 100644
--- a/src/views/portfolio/projects/ProjectFindings.vue
+++ b/src/views/portfolio/projects/ProjectFindings.vue
@@ -139,7 +139,7 @@
field: "attribution.analyzerIdentity",
sortable: true,
formatter(value, row, index) {
- return common.formatAnalyzerLabel(row.attribution.analyzerIdentity, row.vulnerability.vulnId,
+ return common.formatAnalyzerLabel(row.attribution.analyzerIdentity, row.vulnerability.source, row.vulnerability.vulnId,
row.attribution.alternateIdentifier, row.attribution.referenceUrl);
}
},