https://github.com/ninoseki/mihama

osv.dev API clone
https://github.com/ninoseki/mihama

cyclonedx osv sbom spdx

Last synced: 21 days ago
JSON representation

osv.dev API clone

• Host: GitHub
• URL: https://github.com/ninoseki/mihama
• Owner: ninoseki
• License: mit
• Created: 2022-09-10T00:38:04.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-08-17T04:02:58.000Z (9 months ago)
• Last Synced: 2024-10-18T08:52:45.627Z (7 months ago)
• Topics: cyclonedx, osv, sbom, spdx
• Language: Python
• Homepage:
• Size: 1.61 MB
• Stars: 6
• Watchers: 2
• Forks: 0
• Open Issues: 11
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# mihama

An [osv.dev](https://osv.dev/) clone for on-premise usage with extra features.

## Why?

[google/osv.dev](https://github.com/google/osv.dev) is an OSS project. But it's tightly coupled with GCP. It makes it difficult to deploy your own osv.dev if you are not a GCP user.

## Overview

```mermaid

flowchart LR

    FastAPI --> Elasticsearch[(Elasticsearch)]

    ARQ --> Elasticsearch

    ARQ --> Redis

    ARQ --> OSV-data-sources[(OSV data sources)]

```

- Elasticsearch as a database

- FastAPI as an backend API

- ARQ as a job queue (for periodic OSV data updates)

  - Redis is required to run ARQ.

- OSV data sources:

  - [google/osv.dev](https://github.com/google/osv.dev)

  - [ossf/malicious-packages](https://github.com/ossf/malicious-packages)

## Extra Features

- Query by [CycloneDX](https://cyclonedx.org/) SBOM

- Query by [SPDX](https://spdx.dev/) SBOM

## Known Limitations

- Query by `commit` is not supported.

## Docs

- [Installation](https://github.com/ninoseki/mihama/wiki/Installation)

- [CLI](https://github.com/ninoseki/mihama/wiki/CLI)