Skip to main content

OSV

This Integration is part of the OpenSourceVulnerabilities Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

OSV (Open Source Vulnerability) is a vulnerability database for open source projects. For each vulnerability, it perform bisects to figure out the exact commit that introduces the bug, as well the exact commit that fixes it. This is cross referenced against upstream repositories to figure out the affected tags and commit ranges

Configure OSV in Cortex#

ParameterRequired
Server URL (e.g. https://api.osv.dev)True
Trust any certificate (not secure)
Use system proxy settings

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

osv-get-vuln-by-id#


Return a Vulnerability object for a given OSV ID. All list of vulnerabilities can be found at https://osv.dev/list

Base Command#

osv-get-vuln-by-id

Input#

Argument NameDescriptionRequired
id_The id field is a unique identifier for the vulnerability entry. For example: OSV-2020-111.Required

Context Output#

PathTypeDescription
OSV.Vulnerability.idStringThe `id` field is a unique identifier for the vulnerability entry
OSV.Vulnerability.publishedStringThe RFC3339 timestamp indicating when this entry was published.
OSV.Vulnerability.modifiedStringThe RFC3339 timestamp indicating when this entry was last modified.
OSV.Vulnerability.withdrawnStringThe RFC3339 timestamp indicating when this entry is considered to be withdrawn.
OSV.Vulnerability.summaryStringOne line human readable summary for the vulnerability. It is recommended to keep this under 120 characters.
OSV.Vulnerability.detailsStringAny additional human readable details for the vulnerability.
OSV.Vulnerability.affected.ranges.repoStringApplicable if type is GIT. The publicly accessible URL of the repo that can be directly passed to clone commands.
OSV.Vulnerability.affected.ranges.events.introducedStringThe earliest version/commit where this vulnerability was introduced in.
OSV.Vulnerability.affected.ranges.events.fixedStringThe version/commit that this vulnerability was fixed in.
OSV.Vulnerability.affected.ranges.events.limitStringThe limit to apply to the range.
OSV.Vulnerability.references.urlStringReference URL for more details.

osv-query-affected-by-commit#


Query vulnerabilities for a particular project at a given commit

Base Command#

osv-query-affected-by-commit

Input#

Argument NameDescriptionRequired
commitThe commit hash to query for. E.g 6879efc2c1596d11a6a6ad296f80063b558d5e0f.Required

Context Output#

PathTypeDescription
OSV.VulnerabilityList.vulns.idStringThe `id` field is a unique identifier for the vulnerability entry.
OSV.VulnerabilityList.vulns.publishedStringThe RFC3339 timestamp indicating when this entry was published.
OSV.VulnerabilityList.vulns.modifiedStringThe RFC3339 timestamp indicating when this entry was last modified.
OSV.VulnerabilityList.vulns.withdrawnStringThe RFC3339 timestamp indicating when this entry is considered to be withdrawn.
OSV.VulnerabilityList.vulns.summaryStringOne line human readable summary for the vulnerability. It is recommended to keep this under 120 characters.
OSV.VulnerabilityList.vulns.detailsStringAny additional human readable details for the vulnerability.
OSV.VulnerabilityList.vulns.affected.ranges.repoStringApplicable if type is GIT. The publicly accessible URL of the repo that can be directly passed to clone commands.
OSV.VulnerabilityList.vulns.affected.ranges.events.introducedStringThe earliest version/commit where this vulnerability was introduced in.
OSV.VulnerabilityList.vulns.affected.ranges.events.fixedStringThe version/commit that this vulnerability was fixed in.
OSV.VulnerabilityList.vulns.affected.ranges.events.limitStringThe limit to apply to the range.
OSV.VulnerabilityList.vulns.references.urlStringReference URL for more details.

osv-query-affected-by-package#


Query vulnerabilities for a particular project based on package name and verion

Base Command#

osv-query-affected-by-package

Input#

Argument NameDescriptionRequired
versionThe version string to query for. A fuzzy match is done against upstream versions. Eg. 3.3.0.Required
packageNameThe name of the package/project to query for. Eg. django-tinymce.Required
ecosystemThe ecosystem of the package. Eg. PyPI.Optional

Context Output#

PathTypeDescription
OSV.VulnerabilityList.vulns.idstringThe `id` field is a unique identifier for the vulnerability entry.
OSV.VulnerabilityList.vulns.publishedstringThe RFC3339 timestamp indicating when this entry was published.
OSV.VulnerabilityList.vulns.modifiedstringThe RFC3339 timestamp indicating when this entry was last modified.
OSV.VulnerabilityList.vulns.withdrawnstringThe RFC3339 timestamp indicating when this entry is considered to be withdrawn.
OSV.VulnerabilityList.vulns.summarystringOne line human readable summary for the vulnerability. It is recommended to keep this under 120 characters.
OSV.VulnerabilityList.vulns.detailsstringAny additional human readable details for the vulnerability.
OSV.VulnerabilityList.vulns.affected.ranges.repostringApplicable if type is GIT. The publicly accessible URL of the repo that can be directly passed to clone commands.
OSV.VulnerabilityList.vulns.affected.ranges.events.introducedstringThe earliest version/commit where this vulnerability was introduced in.
OSV.VulnerabilityList.vulns.affected.ranges.events.fixedstringThe version/commit that this vulnerability was fixed in.
OSV.VulnerabilityList.vulns.affected.ranges.events.limitstringThe limit to apply to the range.
OSV.VulnerabilityList.vulns.references.urlstringReference URL for more details.