Add support for git ecosystem #657
Comments
|
Currently not supported by renovate. Adding git as an ecosystem here isn't enough either, since the query interface is tailored to PURL-based ecosystems: osv-offline/packages/osv-offline-db/src/lib/db.ts Lines 35 to 38 in bd2ceb4 |
|
So this would need additional changes in 1. OSV to support packageurl for git releases 2. renovate to query osv for the git- datasources? |
|
Not exactly. PURL identifiers are designed to work only with package based ecosystems (maven, npm, go, ...), so this OSV interface would need a new git-tailored query interface. That's the easy part. More effort are the changes in renovate because unlike checking just if version A < version B, for git it would need to traverse the whole commit graph of a repo to check if a commit is in a vulnerable range of commits. |
Is there anything blocking support for the GIT ecosystem (and therefore also git- related datasources in renovate)?
It should be as simple as adding it to the list of ecosystems in
osv-offline/packages/osv-offline-db/src/lib/ecosystem.ts
Line 2 in bd2ceb4
The text was updated successfully, but these errors were encountered: