DependencyTrack · nscuro · Jul 24, 2022 · Jun 15, 2022 · Jun 15, 2022 · Jun 16, 2022
diff --git a/src/assets/scss/_custom.scss b/src/assets/scss/_custom.scss
@@ -104,6 +104,10 @@
   background-color: #D4BBF7;
   border: 1px solid #A66AF7;
 }
+.label-source-google {
+  background-color: #f7bbdc;
+  border: 1px solid #cc668a;
+}
 .label-source-internal {
   background-color: #EBE5A8;
   border: 1px solid #DCD167;

diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
@@ -384,6 +384,7 @@
     "nvd": "NVD",
     "national_vulnerability_database": "National Vulnerability Database",
     "github_advisories": "GitHub Advisories",
+    "osv_advisories": "Google OSV Advisories",
     "repositories": "Repositories",
     "cargo": "Cargo",
     "composer": "Composer",
@@ -445,6 +446,8 @@
     "vulnsource_nvd_feeds_url": "NVD Feeds URL",
     "vulnsource_github_advisories_enable": "Enable GitHub Advisory mirroring",
     "vulnsource_github_advisories_desc": "GitHub Advisories (GHSA) is a database of CVEs and GitHub-originated security advisories affecting the open source world. Dependency-Track integrates with GHSA by mirroring advisories via GitHub's public GraphQL API. The mirror is refreshed daily, or upon restart of the Dependency-Track instance. A personal access token (PAT) is required in order to authenticate with GitHub, but no scopes need to be assigned to it.",
+    "vulnsource_osv_advisories_enable": "Enable Google OSV Advisory mirroring",
+    "vulnsource_osv_advisories_desc": "Google OSV is a distributed vulnerability and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source. It serves as an aggregator of vulnerability databases that have adopted the OpenSSF Vulnerability format.",
     "registered_email_address": "Registered email address",
     "api_token": "API token",
     "consumer_key": "Consumer key",

diff --git a/src/views/administration/AdminMenu.vue b/src/views/administration/AdminMenu.vue
@@ -97,6 +97,11 @@
                 component: "VulnSourceGitHubAdvisories",
                 name: this.$t('admin.github_advisories'),
                 href: "#vulnsourceGitHubAdvisoriesTab"
+              },
+              {
+                component: "VulnSourceOSVAdvisories",
+                name: this.$t('admin.osv_advisories'),
+                href: "#vulnsourceOSVAdvisoriesTab"
               }
             ]
           },

diff --git a/src/views/administration/Administration.vue b/src/views/administration/Administration.vue
@@ -30,6 +30,7 @@
   // Vulnerability sources
   import VulnSourceNvd from "./vuln-sources/VulnSourceNvd";
   import VulnSourceGitHubAdvisories from "./vuln-sources/VulnSourceGitHubAdvisories";
+  import VulnSourceOSVAdvisories from "./vuln-sources/VulnSourceOSVAdvisories";
   // Repositories
   import Cargo from "./repositories/Cargo";
   import Composer from "./repositories/Composer";
@@ -62,7 +63,7 @@
       AdminMenu,
       General, BomFormats, Email, InternalComponents,
       InternalAnalyzer, OssIndexAnalyzer, VulnDbAnalyzer,
-      VulnSourceNvd, VulnSourceGitHubAdvisories,
+      VulnSourceNvd, VulnSourceGitHubAdvisories, VulnSourceOSVAdvisories,
       Cargo, Composer, Gem, GoModules, Hex, Maven, Npm, Nuget, Python,
       Alerts, Templates,
       FortifySsc, DefectDojo, KennaSecurity,

diff --git a/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
@@ -0,0 +1,69 @@
+<template>
+  <b-card no-body :header="header">
+    <b-card-body>
+      <hr/>
+      <c-switch
+        color="primary"
+        id="vulnsourceEnabled"
+        label
+        v-bind="labelIcon"
+        v-model="vulnsourceEnabled"
+      />
+      {{$t('admin.vulnsource_osv_advisories_enable')}}
+      <hr/>
+      {{ $t('admin.vulnsource_osv_advisories_desc') }}
+    </b-card-body>
+    <b-card-footer>
+      <b-button
+        @click="saveChanges"
+        class="px-4"
+        variant="outline-primary">
+          {{ $t('message.update') }}
+      </b-button>
+    </b-card-footer>
+  </b-card>
+</template>
+
+<script>
+import { Switch as cSwitch } from '@coreui/vue';
+import common from "../../../shared/common";
+import configPropertyMixin from "../mixins/configPropertyMixin";
+
+export default {
+  mixins: [configPropertyMixin],
+  props: {
+    header: String
+  },
+  components: {
+    cSwitch
+  },
+  data() {
+    return {
+      vulnsourceEnabled: false,
+      labelIcon: {
+        dataOn: '\u2713',
+        dataOff: '\u2715'
+      },
+    }
+  },
+  methods: {
+    saveChanges: function() {
+      this.updateConfigProperties([
+        {groupName: 'vuln-source', propertyName: 'google.osv.enabled', propertyValue: this.vulnsourceEnabled}
+      ]);
+    }
+  },
+  created () {
+    this.axios.get(this.configUrl).then((response) => {
+      let configItems = response.data.filter(function (item) { return item.groupName === "vuln-source" });
+      for (let i=0; i<configItems.length; i++) {
+        let item = configItems[i];
+        switch (item.propertyName) {
+          case "google.osv.enabled":
+            this.vulnsourceEnabled = common.toBoolean(item.propertyValue); break;
+        }
+      }
+    });
+  }
+}
+</script>