
Commit

Add Ubuntu ecosystem (#219)
basically title

Signed-off-by: Eduardo Barretto <eduardo.barretto@canonical.com>
dodys authored Jan 15, 2024
1 parent 6f843a1 commit 705ff28
Showing 2 changed files with 14 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -16,6 +16,7 @@ This is the repository for the Open Source Vulnerability schema (OSV Schema), wh
- [RConsortium Advisory Database](https://github.com/RConsortium/r-advisory-database)
- [Rocky Linux](https://distro-tools.rocky.page/apollo/openapi/#osv)
- [Rust Advisory Database](https://github.com/RustSec/advisory-db)
- [Ubuntu](https://github.com/canonical/ubuntu-security-notices/)
- [VMWare Photon OS](https://github.com/vmware/photon/wiki/Security-Advisories) (unofficial)

Together, these include vulnerabilities from:
Expand All @@ -42,6 +43,7 @@ Together, these include vulnerabilities from:
- R (CRAN and Bioconductor)
- Rocky Linux
- RubyGems
- Ubuntu

These vulnerabilites are aggregated by <https://osv.dev>.

12 changes: 12 additions & 0 deletions docs/schema.md
Expand Up @@ -354,6 +354,17 @@ The defined database prefixes and their "home" databases are:
</ul>
</td>
</tr>
<tr>
<td><code>USN</code></td>
<td><a href="https://ubuntu.com/security/notices">Ubuntu Security Notices</a></td>
<td>
<ul>
<li>How to contribute: TBD</li>
<li>Source URL: <code>https://ubuntu.com/security/notices/&lt;ID&gt;</code></li>
<li>OSV Formatted URL: <code>https://github.com/canonical/ubuntu-security-notices/blob/main/osv/&lt;ID&gt;.json</code></li>
</ul>
</td>
</tr>
<tr>
<td>Your database here</td>
<td colspan="2"><a href="https://github.com/ossf/osv-schema/compare">Send us a PR</a></td>
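Review bot: The new `USN` row ships with `How to contribute: TBD`, which leaves readers of the prefix table with no route for reporting an error in a notice. Either point that bullet at the issue tracker of the repository already named in the OSV Formatted URL line, or leave the bullet out until a process exists. Separately, the OSV Formatted URL uses a `/blob/main/` path, which is GitHub's HTML file view and not the JSON document itself; if tooling is expected to fetch this URL, say so here or document the form that returns the raw record.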
Expand Down Expand Up @@ -623,6 +634,7 @@ The defined ecosystems are:
| `Rocky Linux` | The Rocky Linux package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:<RELEASE>` suffix to scope the package to a particular Rocky Linux release. `<RELEASE>` is a numeric version.
| `RubyGems` | The RubyGems ecosystem; the `name` field is a gem name. |
| `SwiftURL` | The Swift Package Manager ecosystem. The `name` is a Git URL to the source of the package. Versions are Git tags that comform to [SemVer 2.0](https://docs.swift.org/package-manager/PackageDescription/PackageDescription.html#version). |
| `Ubuntu` | The Ubuntu package ecosystem; the `name` field is the name of the source package. The ecosystem string has a `:<RELEASE>` suffix to scope the package to a particular Ubuntu release. `<RELEASE>` is a numeric version as specified in [Ubuntu Releases](https://wiki.ubuntu.com/Releases). Also, the ecosystem string might optionally have a `:Pro:` prefix to Ubuntu Pro (aka Expanded Security Maintenance (ESM)) updates. For example, the ecosystem string "Ubuntu:22.04:LTS" refers to Ubuntu 22.04 LTS (jammy), while "Ubuntu:Pro:18.04:LTS" refers to fixes that landed in Ubuntu 18.04 LTS (bionic) under Ubuntu Pro/ESM.
| Your ecosystem here. | [Send us a PR](https://github.com/ossf/osv-schema/compare). |

It is permitted for a database name (the DB prefix in the `id` field) and an
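Review bot: The `Ubuntu` row describes an ecosystem string that does not match its own examples. It defines only a `:<RELEASE>` suffix with a numeric `<RELEASE>`, yet both examples end in `:LTS`, which is never defined, and `:Pro:` is called a prefix although in "Ubuntu:Pro:18.04:LTS" it sits between `Ubuntu` and the release. Please state the full grammar in one place, including whether `:LTS` is required for LTS releases and absent otherwise, so that every consumer matching on the ecosystem string parses it the same way. The phrase "might optionally have a `:Pro:` prefix to Ubuntu Pro" is also missing a verb (for example "to denote"), and the row has no closing `|`, unlike the `RubyGems` and `SwiftURL` rows next to it.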