Skip to content

audit: Remove VuXML from audit and add OSV code#2558

Open
illuusio wants to merge 8 commits intofreebsd:mainfrom
illuusio:osvf-audit
Open

audit: Remove VuXML from audit and add OSV code#2558
illuusio wants to merge 8 commits intofreebsd:mainfrom
illuusio:osvf-audit

Conversation

@illuusio
Copy link
Copy Markdown
Contributor

@illuusio illuusio commented Nov 12, 2025
edited
Loading

Remove VuXML from code and add OSV JSON code. Code makes sure that there should be drop-in placement compatibility.

Before merging there should be ready:

  • VuXML code remove
  • OSVf reading and checking
  • Update pkg config keys (OSVF_SITE and VUXML_SITE)
  • Update Testcases for pkg audit
  • Remove not needed external/yxml as it not anywhere than pkg_audio.c
  • Update OSV schema validation to have correct released osv-schema.
  • OSV FreeBSD vulnerability database released
  • Change testing OSVF_SITE url to correct one

Testing OSV database can be found from: freebsd-osv.json

As FreeBSD OSV database ain't yet release this commit is WIP and should not be merged.

@illuusio illuusio force-pushed the osvf-audit branch 5 times, most recently from 7d2aaf5 to 1abc347 Compare November 19, 2025 12:45
@illuusio illuusio force-pushed the osvf-audit branch 5 times, most recently from bdcab12 to bb6e5b9 Compare December 15, 2025 10:36
illuusio added 8 commits May 7, 2026 12:43
@illuusio
audit: Remove VuXML from audit and add OSV code
66a689b 
Remove VuXML from code and add OSV JSON code. Code
makes sure that there should be drop-in placement
compatibility.

Update OSV-schema to official one

As FreeBSD OSV database ain't yet release this
commit is WIP and should not be merged.
@illuusio
audit: Fixing testcases to work with OSV
f43576d 
Fixing testcases to work with OSV and some changes
that had to be made to come along with real world.
@illuusio
audit: Remove yxml
7a98fea 
Remove yxml as it no currently used anywhere. VuXML which was only
user for yxml is replaced with OSVf which uses libucl.
@illuusio
scripts/completion/_pkg.in: Remove vuln.xml from completion
785a88d 
Update completion that is does not contain vuln.xml anymore
but correct freebsd-osv.json
@illuusio
scripts/periodic/405.pkg-base-audit.in: Remove vuln.xml
4466f5d 
Remove vuln.xml and replace with correct freebsd-osv.json
@illuusio
scripts/periodic/410.pkg-audit.in: Remove vuln.xml
6d218db 
Remove vuln.xml and replace with correct freebsd-osv.json
@illuusio
manpages: Replace vuln.xml with freebsd-osv.json
4796dd9 
Update manpages which contains vuln.xml with
freebsd-osv.json
@illuusio
src/pkg.conf.sample: Add OSVF_SITE to config
a41fb4e 
Replace VULNXML_SITE with OSVF_SITE in pkg.conf.sample
@illuusio
Copy link
Copy Markdown
Contributor Author

illuusio commented May 7, 2026

Rebased to latest version. Ported old VuXML tests as they were so they are converted form XML to JSON and all they pass.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@illuusio