Skip to content

feat: Handle Chainguard OSV used for the grypedb build.#3255

Draft
vaikas wants to merge 1 commit intoanchore:mainfrom
vaikas:chainguard-osv-transformer
Draft

feat: Handle Chainguard OSV used for the grypedb build.#3255
vaikas wants to merge 1 commit intoanchore:mainfrom
vaikas:chainguard-osv-transformer

Conversation

@vaikas
Copy link

@vaikas vaikas commented Feb 28, 2026
edited
Loading

As part of moving to OSV for Chainguard feed, this adds the transformer for it. There is another PR that I'll link in vunnel for it shortly and x-link them.

I think we need this: anchore/vunnel#1082 to land first

@vaikas vaikas marked this pull request as draft February 28, 2026 01:58
This was referenced Feb 28, 2026
Draft
Draft
@vaikas
feat: Handle Chainguard OSV used for the grypedb build.
aa93bbd 
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@vaikas vaikas force-pushed the chainguard-osv-transformer branch from dc7d4fd to aa93bbd Compare March 2, 2026 18:33
vaikas
vaikas commented Mar 2, 2026
View reviewed changes
grype/db/v6/build/transformers/osv/transform.go
if isAdvisory {
aliases = append(aliases, vulnerability.Related...)
} else if strings.HasPrefix(vulnerability.ID, "CGA-") {
// Chainguard CGA records put CVE/GHSA IDs in "related" rather than "aliases"
Copy link
Author

@vaikas vaikas Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what we do today (related), I'd like to make sure this is correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vaikas