Add Mageia ecosystem (#235)

ossf · Apr 16, 2024 · 431c0b7 · 431c0b7
1 parent b053903
commit 431c0b7
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -10,6 +10,7 @@ This is the repository for the Open Source Vulnerability schema (OSV Schema), wh
 - [Haskell Security Advisories](https://github.com/haskell/security-advisories)
 - [LoopBack Advisory Database](https://github.com/loopbackio/security/tree/main/advisories)
 - [Malicious Packages Repository](https://github.com/ossf/malicious-packages)
+- [Mageia Advisories](https://advisories.mageia.org/)
 - [OSS-Fuzz](https://github.com/google/oss-fuzz-vulns)
 - [OSV.dev maintained converters](https://github.com/google/osv.dev#current-data-sources) (Debian, Alpine, NVD)
 - [PyPI Advisory Database](https://github.com/pypa/advisory-database)
@@ -32,6 +33,7 @@ Together, these include vulnerabilities from:
 -   Haskell
 -   Hex
 -   Linux kernel
+-   Mageia
 -   Maven
 -   npm
 -   NuGet

diff --git a/docs/schema.md b/docs/schema.md
@@ -8,7 +8,7 @@ aside:
 show_edit_on_github: true
 ---
 
-**Version 1.6.3 (April 5, 2024)**
+**Version 1.6.4 (April 11, 2024)**
 
 Original authors:
 - Oliver Chang ([email protected])
@@ -277,6 +277,17 @@ The defined database prefixes and their "home" databases are:
         </ul>
       </td>
     </tr>
+    <tr>
+      <td><code>MGASA</code></td>
+      <td><a href="https://advisories.mageia.org/">Mageia Security Advisories</a></td>
+      <td>
+        <ul>
+          <li>How to contribute: <code>TBD</code></li>
+          <li>Source URL: <code>https://advisories.mageia.org/&lt;ID&gt;.html</code></li>
+          <li>OSV Formatted URL: <code>https://advisories.mageia.org/&lt;ID&gt;.json</code></li>
+        </ul>
+      </td>
+    </tr>
     <tr>
       <td><code>MAL</code></td>
       <td><a href="https://github.com/ossf/malicious-packages/tree/main/osv/">Malicious Packages Repository</a></td>
@@ -634,6 +645,7 @@ The defined ecosystems are:
 | `Hackage` | The Haskell package ecosystem. The `name` field is a Haskell package name as published on Hackage.  |
 | `Hex` | The package manager for the Erlang ecosystem; the `name` is a Hex package name.  |
 | `Linux` | The Linux kernel. The only supported `name` is `Kernel`. |
+| `Mageia` | The Mageia Linux package ecosystem; the `name` is the name of the source package. The ecosystem string must have a `:<RELEASE-NUMBER>` suffix to scope the package to a particular Mageia release. Eg `Mageia:9`. |
 | `Maven` | The Maven Java package ecosystem. The `name` field is a Maven package name in the format `groupId:artifactId`. The ecosystem string might optionally have a `:<REMOTE-REPO-URL>` suffix to denote the remote repository URL that best represents the source of truth for this package, without a trailing slash (e.g. `Maven:https://maven.google.com`). If this is omitted, this is assumed to be the Maven Central repository (`https://repo.maven.apache.org/maven2`).
 | `npm` | The NPM ecosystem; the `name` field is an NPM package name.  |
 | `NuGet` | The NuGet package ecosystem. The `name` field is a NuGet package name.  |