osv

package

v0.11.5 Latest Latest Go to latest Published: Feb 5, 2026 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/git-pkgs/git-pkgs

Links

Open Source Insights

Documentation ¶

Overview ¶

Package osv provides a client for the OSV (Open Source Vulnerabilities) API.

Index ¶

Constants
func GetFixedVersion(affected Affected) string
func GetSeverityLevel(v *Vulnerability) string
func IsVersionAffected(affected Affected, version string) bool
type Affected
type BatchQueryRequest
type BatchQueryResponse
type Client
- func NewClient() *Client
type Event
type Package
type QueryRequest
type QueryResponse
type Range
type Reference
type Severity
type Vulnerability

Constants ¶

View Source

const (
	DefaultAPIURL  = "https://api.osv.dev/v1"
	DefaultTimeout = 30 * time.Second
)

Variables ¶

This section is empty.

Functions ¶

func GetFixedVersion ¶

func GetFixedVersion(affected Affected) string

GetFixedVersion returns the fixed version for an affected entry, if available.

func GetSeverityLevel ¶

func GetSeverityLevel(v *Vulnerability) string

GetSeverityLevel returns a normalized severity level from a vulnerability.

func IsVersionAffected ¶

func IsVersionAffected(affected Affected, version string) bool

IsVersionAffected checks if a specific version is affected by the vulnerability.

Types ¶

type Affected ¶

type Affected struct {
	Package           Package        `json:"package"`
	Ranges            []Range        `json:"ranges,omitempty"`
	Versions          []string       `json:"versions,omitempty"`
	EcosystemSpecific map[string]any `json:"ecosystem_specific,omitempty"`
	DatabaseSpecific  map[string]any `json:"database_specific,omitempty"`
}

Affected describes which package versions are affected.

type BatchQueryRequest ¶

type BatchQueryRequest struct {
	Queries []QueryRequest `json:"queries"`
}

BatchQueryRequest is a request to query multiple packages.

type BatchQueryResponse ¶

type BatchQueryResponse struct {
	Results []QueryResponse `json:"results"`
}

BatchQueryResponse is the response from a batch query.

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client is an OSV API client.

func NewClient ¶

func NewClient() *Client

NewClient creates a new OSV API client.

func (*Client) BatchQuery ¶

func (c *Client) BatchQuery(ctx context.Context, queries []QueryRequest) ([][]Vulnerability, error)

BatchQuery queries for vulnerabilities affecting multiple packages.

func (*Client) GetVulnerability ¶

func (c *Client) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)

GetVulnerability fetches a specific vulnerability by ID.

func (*Client) Query ¶

func (c *Client) Query(ctx context.Context, ecosystem, name, version string) ([]Vulnerability, error)

Query queries for vulnerabilities affecting a specific package version.

type Event ¶

type Event struct {
	Introduced   string `json:"introduced,omitempty"`
	Fixed        string `json:"fixed,omitempty"`
	LastAffected string `json:"last_affected,omitempty"`
	Limit        string `json:"limit,omitempty"`
}

Event is a version event (introduced, fixed, etc).

type Package ¶

type Package struct {
	Ecosystem string `json:"ecosystem"`
	Name      string `json:"name"`
	PURL      string `json:"purl,omitempty"`
}

Package identifies a package.

type QueryRequest ¶

type QueryRequest struct {
	Commit  string  `json:"commit,omitempty"`
	Version string  `json:"version,omitempty"`
	Package Package `json:"package,omitempty"`
}

QueryRequest is a request to query vulnerabilities.

type QueryResponse ¶

type QueryResponse struct {
	Vulns []Vulnerability `json:"vulns,omitempty"`
}

QueryResponse is the response from a query.

type Range ¶

type Range struct {
	Type   string  `json:"type"`
	Events []Event `json:"events,omitempty"`
}

Range describes a version range.

type Reference ¶

type Reference struct {
	Type string `json:"type"`
	URL  string `json:"url"`
}

Reference is a link to more information about a vulnerability.

type Severity ¶

type Severity struct {
	Type  string `json:"type"`
	Score string `json:"score"`
}

Severity describes the severity of a vulnerability.

type Vulnerability ¶

type Vulnerability struct {
	ID               string         `json:"id"`
	Summary          string         `json:"summary,omitempty"`
	Details          string         `json:"details,omitempty"`
	Aliases          []string       `json:"aliases,omitempty"`
	Modified         time.Time      `json:"modified"`
	Published        time.Time      `json:"published"`
	References       []Reference    `json:"references,omitempty"`
	Affected         []Affected     `json:"affected,omitempty"`
	Severity         []Severity     `json:"severity,omitempty"`
	DatabaseSpecific map[string]any `json:"database_specific,omitempty"`
}

Vulnerability represents an OSV vulnerability.

Source Files ¶

View all Source files

client.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL