Skip to content

Add a files property to the package#532

Open
gregkh wants to merge 1 commit intoossf:mainfrom
gregkh:main
Open

Add a files property to the package#532
gregkh wants to merge 1 commit intoossf:mainfrom
gregkh:main

Conversation

@gregkh
Copy link
Copy Markdown

@gregkh gregkh commented Mar 18, 2026

All packages should have the ability to list the affected files in them for a specific vulnerability to make it easier to programmatically filter out vulnerabilities for where the user does not even build the affected files into their image.

@gregkh
Add a files property to the package
4258b08 
All packages should have the ability to list the affected files in them
for a specific vulnerability to make it easier to programmatically
filter out vulnerabilities for where the user does not even build the
affected files into their image.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
@another-rex
Copy link
Copy Markdown
Collaborator

another-rex commented Mar 19, 2026

I agree we definitely want to add this as a structured field.

Though I think we need to have it in a more general field like what's proposed in #501 , as files probably doesn't apply as much when talking about language packages, where the boundary is more on either functions or modules.

I'll add this to the next osv-schema meeting as a topic to discuss.

@gregkh
Copy link
Copy Markdown
Author

gregkh commented Mar 19, 2026

functions and modules were what I was going to propose next, they are all good things to have. I was just going to do one at at time, but can include them all as a patch series if you feel it would be acceptable that way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gregkh @another-rex