{"id":48940021,"url":"https://github.com/scanoss/vulnerabilities","last_synced_at":"2026-04-17T13:12:04.580Z","repository":{"id":312295087,"uuid":"516003242","full_name":"scanoss/vulnerabilities","owner":"scanoss","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-31T07:59:31.000Z","size":29386,"stargazers_count":1,"open_issues_count":1,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-03-31T09:46:21.856Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scanoss.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-07-20T13:56:44.000Z","updated_at":"2026-03-02T18:01:20.000Z","dependencies_parsed_at":"2025-09-29T18:33:45.206Z","dependency_job_id":"1ef68b35-2e01-4bdd-a896-e45c03cc4930","html_url":"https://github.com/scanoss/vulnerabilities","commit_stats":null,"previous_names":["scanoss/vulnerabilities"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/scanoss/vulnerabilities","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fvulnerabilities","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fvulnerabilities/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fvulnerabilities/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fvulnerabilities/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scanoss","download_url":"https://codeload.github.com/scanoss/vulnerabilities/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fvulnerabilities/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31930259,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-17T12:37:54.787Z","status":"ssl_error","status_checked_at":"2026-04-17T12:37:25.095Z","response_time":62,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-17T13:12:03.834Z","updated_at":"2026-04-17T13:12:04.575Z","avatar_url":"https://github.com/scanoss.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SCANOSS Platform 2.0 Vulnerabilities\n\nWelcome to the vulnerabilities server for SCANOSS Platform 2.0. The aim of this project is to provide access to vulnerabilities mined at SCANOSS Knowledge Base.\n\n\n## Service Description\n\nThe SCANOSS Vulnerabilities Service provides comprehensive vulnerability information for software components through both gRPC and REST APIs. The service enables developers and security teams to:\n\n- Query vulnerabilities for software components using PURLs (Package URLs)\n- Retrieve CPE (Common Platform Enumeration) identifiers\n- Access detailed vulnerability data including CVE information and CVSS scores\n- Process single components or batch requests\n- Integrate vulnerability scanning into CI/CD pipelines\n\n## Repository Structure\n\nThis repository is made up of the following components:\n- **cmd/server** - Main server application entry point\n- **cmd/cli** - Command-line interface tool\n- **pkg/service** - gRPC service implementations\n- **pkg/protocol** - REST and gRPC protocol handlers\n- **pkg/usecase** - Business logic and use cases\n- **pkg/models** - Database models and data structures\n- **pkg/adapters** - Data transformation adapters\n- **config** - Configuration files for different environments\n\n## Configuration\n\nEnvironmental variables are configured in this order:\n.env → env.json → Actual Environment Variable\n\nKey configuration options:\n```\nAPP_NAME=\"SCANOSS Vulnerability Server\"\nAPP_PORT=50052\nAPP_MODE=dev\nAPP_DEBUG=false\n\nDB_DRIVER=postgres\nDB_HOST=localhost\nDB_USER=scanoss\nDB_PASSWD=\nDB_SCHEMA=vulnerabilities\nDB_SSL_MODE=disable\n\n# Vulnerability data sources\nOSV_ENABLED=true                    # Enable/disable OSV (Open Source Vulnerabilities) database\nOSV_API_BASE_URL=https://api.osv.dev/v1\nOSV_VULNERABILITY_INFO_BASE_URL=https://osv.dev/vulnerability\n\nSCANOSS_ENABLED=true                # Enable/disable SCANOSS vulnerability database\n```\n\n## Docker Environment\n\nThe vulnerability server can be deployed as a Docker container.\n\n### How to Build\nBuild the Docker image:\n```\nmake docker-build\n```\n\n### How to Run\nRun the Docker image, exposing necessary ports and configuration:\n```\ndocker run -it -v \"$(pwd)\":\"$(pwd)\" -p 50052:50052 ghcr.io/scanoss/vulnerabilities -json-config $(pwd)/config/app-config-docker-local-dev.json -debug\n```\n\n## Development\n\nRun locally:\n```\ngo run cmd/server/main.go -json-config config/app-config-dev.json -debug\n```\n\nAfter changing versions:\n```\ngo mod tidy -compat=1.24\n```\n\n## Bugs/Features\n\nTo request features or report bugs, please use the project's GitHub Issues.\n\n## Changelog\n\nDetails of major changes can be found in CHANGELOG.md. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscanoss%2Fvulnerabilities","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscanoss%2Fvulnerabilities","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscanoss%2Fvulnerabilities/lists"}