{"id":17182395,"url":"https://github.com/simoncropp/ossindexclient","last_synced_at":"2025-04-13T17:52:39.673Z","repository":{"id":42576047,"uuid":"238831932","full_name":"SimonCropp/OssIndexClient","owner":"SimonCropp","description":"A .net client for OSSIndex (https://ossindex.sonatype.org/)","archived":false,"fork":false,"pushed_at":"2025-04-09T00:41:22.000Z","size":592,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-12T01:26:16.306Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SimonCropp.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"license.txt","code_of_conduct":"code_of_conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"SimonCropp"}},"created_at":"2020-02-07T03:00:18.000Z","updated_at":"2025-04-09T00:41:26.000Z","dependencies_parsed_at":"2024-01-10T03:29:07.802Z","dependency_job_id":"7fe3369f-afa5-4ed1-8dfe-e4fe76bd88bb","html_url":"https://github.com/SimonCropp/OssIndexClient","commit_stats":{"total_commits":565,"total_committers":4,"mean_commits":141.25,"dds":0.5221238938053097,"last_synced_commit":"b25c6a713eb23da7797e19c2981478fe1296b6fd"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SimonCropp%2FOssIndexClient","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SimonCropp%2FOssIndexClient/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SimonCropp%2FOssIndexClient/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SimonCropp%2FOssIndexClient/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SimonCropp","download_url":"https://codeload.github.com/SimonCropp/OssIndexClient/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248758449,"owners_count":21156957,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T00:36:59.323Z","updated_at":"2025-04-13T17:52:39.646Z","avatar_url":"https://github.com/SimonCropp.png","language":"C#","funding_links":["https://github.com/sponsors/SimonCropp"],"categories":[],"sub_categories":[],"readme":"# \u003cimg src=\"/src/icon.png\" height=\"30px\"\u003e OssIndexClient\n\n[![Build status](https://ci.appveyor.com/api/projects/status/41kf6ll7dbad35px?svg=true)](https://ci.appveyor.com/project/SimonCropp/ossindexclient)\n[![NuGet Status](https://img.shields.io/nuget/v/OssIndexClient.svg)](https://www.nuget.org/packages/OssIndexClient/)\n\nA .net client for OSSIndex (https://ossindex.sonatype.org/).\n\n**See [Milestones](../../milestones?state=closed) for release notes.**\n\n\n## NuGet package\n\nhttps://nuget.org/packages/OssIndexClient/\n\n\n## Usage\n\n### Getting a report\n\n\u003c!-- snippet: GetReport --\u003e\n\u003ca id='snippet-GetReport'\u003e\u003c/a\u003e\n```cs\nusing var ossIndexClient = new OssIndex();\nvar report = await ossIndexClient.GetReport(\n    new(\n        ecoSystem: EcoSystem.nuget,\n        name: \"System.Net.Http\",\n        version: \"4.3.1\"));\n\nforeach (var vulnerability in report.Vulnerabilities)\n{\n    Debug.WriteLine(vulnerability.Title);\n}\n```\n\u003csup\u003e\u003ca href='/src/Tests/Tests.cs#L53-L67' title='Snippet source file'\u003esnippet source\u003c/a\u003e | \u003ca href='#snippet-GetReport' title='Start of snippet'\u003eanchor\u003c/a\u003e\u003c/sup\u003e\n\u003c!-- endSnippet --\u003e\n\n\n### Getting multiple reports\n\n\u003c!-- snippet: GetReports --\u003e\n\u003ca id='snippet-GetReports'\u003e\u003c/a\u003e\n```cs\nusing var ossIndexClient = new OssIndex();\nvar reports = await ossIndexClient.GetReports(\n    new(\n        ecoSystem: EcoSystem.nuget,\n        name: \"System.Net.Http\",\n        version: \"4.3.1\"),\n    new(\n        ecoSystem: EcoSystem.npm,\n        name: \"jquery\",\n        version: \"1.11.3\"));\nforeach (var report in reports)\n{\n    foreach (var vulnerability in report.Vulnerabilities)\n    {\n        Debug.WriteLine(vulnerability.Title);\n    }\n}\n```\n\u003csup\u003e\u003ca href='/src/Tests/Tests.cs#L25-L45' title='Snippet source file'\u003esnippet source\u003c/a\u003e | \u003ca href='#snippet-GetReports' title='Start of snippet'\u003eanchor\u003c/a\u003e\u003c/sup\u003e\n\u003c!-- endSnippet --\u003e\n\n\n### Example report contents\n\n\u003c!-- snippet: Tests.GetReport.verified.txt --\u003e\n\u003ca id='snippet-Tests.GetReport.verified.txt'\u003e\u003c/a\u003e\n```txt\n{\n  EcoSystem: nuget,\n  Name: System.Net.Http,\n  Version: 4.3.1,\n  Description: This package provides a programming interface for modern HTTP applications. This package includes HttpClient for sending requests over HTTP, as well as HttpRequestMessage and HttpResponseMessage for processing HTTP messages.,\n  Reference: https://ossindex.sonatype.org/component/pkg:nuget/System.Net.Http@4.3.1?utm_source=ossindexclient\u0026utm_medium=integration,\n  Vulnerabilities: [\n    {\n      Id: CVE-2017-0248,\n      Title: [CVE-2017-0248] CWE-295: Improper Certificate Validation,\n      Description: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka \".NET Security Feature Bypass Vulnerability.\",\n      CvssScore: 7.5,\n      CvssVector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,\n      Cve: CVE-2017-0248,\n      Cwe: CWE-295,\n      Reference: https://ossindex.sonatype.org/vulnerability/CVE-2017-0248?component-type=nuget\u0026component-name=System.Net.Http\u0026utm_source=ossindexclient\u0026utm_medium=integration,\n      ExternalReferences: [\n        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0248,\n        https://github.com/dotnet/corefx/issues/19535,\n        https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248\n      ]\n    },\n    {\n      Id: CVE-2017-0249,\n      Title: [CVE-2017-0249] CWE-20: Improper Input Validation,\n      Description: An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.,\n      CvssScore: 7.3,\n      CvssVector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,\n      Cve: CVE-2017-0249,\n      Cwe: CWE-20,\n      Reference: https://ossindex.sonatype.org/vulnerability/CVE-2017-0249?component-type=nuget\u0026component-name=System.Net.Http\u0026utm_source=ossindexclient\u0026utm_medium=integration,\n      ExternalReferences: [\n        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0249,\n        https://github.com/aspnet/Announcements/issues/239\n      ]\n    },\n    {\n      Id: CVE-2017-0256,\n      Title: [CVE-2017-0256] CWE-20: Improper Input Validation,\n      Description: A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.,\n      CvssScore: 5.3,\n      CvssVector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N,\n      Cve: CVE-2017-0256,\n      Cwe: CWE-20,\n      Reference: https://ossindex.sonatype.org/vulnerability/CVE-2017-0256?component-type=nuget\u0026component-name=System.Net.Http\u0026utm_source=ossindexclient\u0026utm_medium=integration,\n      ExternalReferences: [\n        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0256,\n        https://github.com/aspnet/Announcements/issues/239\n      ]\n    },\n    {\n      Id: CVE-2018-8292,\n      Title: [CVE-2018-8292] CWE-200: Information Exposure,\n      Description: An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.,\n      CvssScore: 7.5,\n      CvssVector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,\n      Cve: CVE-2018-8292,\n      Cwe: CWE-200,\n      Reference: https://ossindex.sonatype.org/vulnerability/CVE-2018-8292?component-type=nuget\u0026component-name=System.Net.Http\u0026utm_source=ossindexclient\u0026utm_medium=integration,\n      ExternalReferences: [\n        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8292,\n        https://github.com/dotnet/announcements/issues/88,\n        https://github.com/dotnet/corefx/issues/32730\n      ]\n    }\n  ]\n}\n```\n\u003csup\u003e\u003ca href='/src/Tests/Tests.GetReport.verified.txt#L1-L67' title='Snippet source file'\u003esnippet source\u003c/a\u003e | \u003ca href='#snippet-Tests.GetReport.verified.txt' title='Start of snippet'\u003eanchor\u003c/a\u003e\u003c/sup\u003e\n\u003c!-- endSnippet --\u003e\n\n\n## Package Ecosystems\n\nThe supported [OSSIndex Package Ecosystems](https://ossindex.sonatype.org/doc/coordinates) are represented by an enum.\n\n\u003c!-- snippet: EcoSystem --\u003e\n\u003ca id='snippet-EcoSystem'\u003e\u003c/a\u003e\n```cs\npublic enum EcoSystem\n{\n    /// \u003csummary\u003ehttps://alpinelinux.org\u003c/summary\u003e\n    alpine,\n\n    /// \u003csummary\u003ehttps://bower.io\u003c/summary\u003e\n    bower,\n\n    /// \u003csummary\u003ehttps://crates.io\u003c/summary\u003e\n    cargo,\n\n    /// \u003csummary\u003ehttps://chocolatey.org\u003c/summary\u003e\n    chocolatey,\n\n    /// \u003csummary\u003ehttps://clojars.org\u003c/summary\u003e\n    clojars,\n\n    /// \u003csummary\u003ehttps://getcomposer.org\u003c/summary\u003e\n    composer,\n\n    /// \u003csummary\u003ehttps://conan.io\u003c/summary\u003e\n    conan,\n\n    /// \u003csummary\u003ehttps://conda.io\u003c/summary\u003e\n    conda,\n\n    /// \u003csummary\u003ehttps://cran.r-project.org\u003c/summary\u003e\n    cran,\n\n    /// \u003csummary\u003ehttps://www.debian.org\u003c/summary\u003e\n    deb,\n\n    /// \u003csummary\u003ehttps://www.drupal.org\u003c/summary\u003e\n    drupal,\n\n    /// \u003csummary\u003ehttps://golang.org/pkg\u003c/summary\u003e\n    golang,\n\n    /// \u003csummary\u003ehttps://maven.apache.org\u003c/summary\u003e\n    maven,\n\n    /// \u003csummary\u003ehttps://www.npmjs.com\u003c/summary\u003e\n    npm,\n\n    /// \u003csummary\u003ehttps://www.nuget.org\u003c/summary\u003e\n    nuget,\n\n    /// \u003csummary\u003ehttps://pypi.org\u003c/summary\u003e\n    pypi,\n\n    /// \u003csummary\u003ehttps://rpm.org\u003c/summary\u003e\n    rpm,\n\n    /// \u003csummary\u003ehttps://rubygems.org\u003c/summary\u003e\n    gem,\n}\n```\n\u003csup\u003e\u003ca href='/src/OssIndexClient/EcoSystem.cs#L7-L66' title='Snippet source file'\u003esnippet source\u003c/a\u003e | \u003ca href='#snippet-EcoSystem' title='Start of snippet'\u003eanchor\u003c/a\u003e\u003c/sup\u003e\n\u003c!-- endSnippet --\u003e\n\n\n## Notes\n\n * https://ossindex.sonatype.org/api/v3/component-report/pkg:nuget/System.Net.Http@4.3.1\n\n\n## Icon\n\n[Security](https://thenounproject.com/term/security/1264523/) designed by [Made](https://thenounproject.com/elki/) from [The Noun Project](https://thenounproject.com/creativepriyanka).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimoncropp%2Fossindexclient","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimoncropp%2Fossindexclient","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimoncropp%2Fossindexclient/lists"}