Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request for Lowercase ( even Space-Free ) Abbreviation for Query API Eco Name #2300

Closed
edwinjhlee opened this issue Jun 1, 2024 · 4 comments
Closed

Request for Lowercase ( even Space-Free ) Abbreviation for Query API Eco Name #2300

edwinjhlee opened this issue Jun 1, 2024 · 4 comments
Labels
api API-related infrastructure enhancement New feature or request

Comments

@edwinjhlee
Copy link
Contributor

edwinjhlee commented Jun 1, 2024
edited
Loading

Description:

The current query API eco name contains uppercase letters and spaces, making it cumbersome to use in command-line calls. For improved usability and consistency with other API conventions, we request a lowercase ( even space-free ) abbreviation for the eco name.

Benefits:

Improved Command-Line Usability: A concise abbreviation will make it easier to type and remember when using the API in scripts and command-line tools.

It will be even better if the naming is (partly) consistent with CPE23 standard.

Example:

If the current eco name is "Rocky Linux", a possible abbreviation could be "rockylinux", or even "rocky", or "rocky:linux" (cpe23)

Request:

We kindly request the development team to consider adding a lowercase, space-free abbreviation for the query API eco name. This will significantly enhance the user experience.
@edwinjhlee
Copy link
Contributor Author

edwinjhlee commented Jun 1, 2024
edited
Loading

https://x-cmd.com/mod/osv

The current way to query OSV using x osv q -p OSS-Fuzz,jq is a bit cumbersome. It would be much better to use x osv q -p oss-fuzz,jq.

We can add the name mapping in the client ( I might probably do it in the next week ).
However, it would be more beneficial if OSV officially provided a standard name mapping to avoid potential future confusion.

@edwinjhlee
Copy link
Contributor Author

Here is the grype --distro ID:

https://pkg.go.dev/github.com/anchore/grype/grype/distro#RockyLinux

image

@andrewpollock
Copy link
Contributor

Based on https://github.com/x-cmd/x-cmd/tree/main/mod/osv/lib I think this is more appropriate as an FR on the OSV.dev API itself, in the OSV.dev repo, so I'll move it over there...

@andrewpollock andrewpollock transferred this issue from google/osv-scanner Jun 10, 2024
@andrewpollock andrewpollock added enhancement New feature or request api API-related infrastructure labels Jun 10, 2024
@oliverchang
Copy link
Collaborator

Hi there, thanks for the feature request.

Our current position is this kind of fuzzy matching is best done on the client side. The reasoning is:

  • The OSV Schema provides a canonical formatting of ecosystem names, and we'd like to not encourage more ways to diverge from it and reduce the consistency of ecosystem names in the OSV platform.

  • It's unclear how many users this would benefit, since most of our users would likely be using the API in an automated setting (e.g. a vulnerability scanner), rather than users typing on a command line.

We'll re-assess this if we see more requests from our users for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api API-related infrastructure enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@oliverchang @edwinjhlee @andrewpollock