
enhance(cve-feed): osv_generator, strip OSV from content_text, support ```json osv fence #183

Draft
PushkarJ wants to merge 3 commits into kubernetes:main from
PushkarJ:code-upkeep-maintenance-pj-1
Conversation

@PushkarJ
Member

@PushkarJ PushkarJ commented Feb 14, 2026

Follow up to this PR: #181

Sample output file
output.txt

Signed-off-by: pnkcaht <samzoovsk19@gmail.com>
Signed-off-by: pnkcaht <samzoovsk19@gmail.com>
@k8s-ci-robot
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 14, 2026
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: PushkarJ
Once this PR has been reviewed and has the lgtm label, please assign tabbysable for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 14, 2026
@PushkarJ
Member Author

/sig security docs
/triage accepted
/area security

@k8s-ci-robot k8s-ci-robot added sig/security Categorizes an issue or PR as relevant to SIG Security. sig/docs Categorizes an issue or PR as relevant to SIG Docs. triage/accepted Indicates an issue or PR is ready to be actively worked on. labels Feb 14, 2026
@k8s-ci-robot
Contributor

@PushkarJ: The label(s) area/security cannot be applied, because the repository doesn't have them.

Details

In response to this:

/sig security docs
/triage accepted
/area security

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@PushkarJ PushkarJ force-pushed the code-upkeep-maintenance-pj-1 branch from 81bfbc7 to d8693d7 Compare February 21, 2026 00:07
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 21, 2026
@PushkarJ PushkarJ changed the title refactor(cve-feed): shared OSV helper, fix error logging, README pip3 instructions enhance(cve-feed): osv_generator, strip OSV from content_text, support ```json osv fence Feb 21, 2026
@PushkarJ PushkarJ force-pushed the code-upkeep-maintenance-pj-1 branch from d8693d7 to cdb3315 Compare February 21, 2026 00:11
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Feb 21, 2026
…t ```json osv fence

- Add _kubernetes_io.osv_generator from issue 'generated by' comment or cve-feed-osv repo

- Set content_text to body minus OSV block and <details>OSV format</details>+comment

- Prefer OSV from GitHub issue when present; support '```json osv' fence in addition to '```json'

- Refactor shared _find_osv_json_block; remove redundant additional-CVE OSV fetch
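An added sketch of the extraction these commit notes describe, not the PR's own code: it locates the OSV fence in an issue body, returns the parsed record and the generator name, and leaves `content_text` without the machine-readable block. The `<details><summary>OSV format</summary>` wrapper, the `<!-- generated by ... -->` marker shape, the helper names and the rule that a `json osv` fence wins over a plain `json` one are assumptions.

```python
import json
import re

TICKS = "`" * 3  # built indirectly so this example can itself sit in a fenced block
# Group 1 is set for the "json osv" info string, empty for plain "json".
_FENCE = re.compile(
    r"^" + TICKS + r"json([ \t]+osv)?[ \t]*\n(.*?)^" + TICKS + r"[ \t]*$",
    re.DOTALL | re.MULTILINE,
)
# Assumed wrapper and marker shapes; the real issue template may differ.
_EMPTY_DETAILS = re.compile(r"<details>\s*<summary>OSV format</summary>\s*</details>")
_GENERATED_BY = re.compile(r"<!--\s*generated by\s+(\S+)\s*-->", re.IGNORECASE)

def find_osv_json_block(body):
    """Return (osv_dict, span) for the best OSV fence in body, else (None, None)."""
    best = None
    for m in _FENCE.finditer(body):
        try:
            doc = json.loads(m.group(2))
        except json.JSONDecodeError:
            continue  # unparsable fence stays in the text and is not trusted
        # The OSV schema requires "id" and "modified"; other JSON is not OSV.
        if not (isinstance(doc, dict) and "id" in doc and "modified" in doc):
            continue
        rank = 0 if m.group(1) else 1  # explicit "json osv" beats plain "json"
        if best is None or rank < best[0]:
            best = (rank, doc, m.span())
    return (best[1], best[2]) if best else (None, None)

def split_issue_body(body):
    """Return (content_text, osv, generator) with the OSV block stripped out."""
    osv, span = find_osv_json_block(body)
    if osv is None:
        return body.strip(), None, None
    marker = _GENERATED_BY.search(body)
    text = body[:span[0]] + body[span[1]:]
    text = _GENERATED_BY.sub("", _EMPTY_DETAILS.sub("", text))
    return text.strip(), osv, marker.group(1) if marker else None

# Constructed sample issue body; the id and tool name are placeholders.
SAMPLE_BODY = (
    "A flaw was found in the example component.\n\n"
    + TICKS + 'json\n{"kind": "Pod"}\n' + TICKS + "\n\n"
    "<details><summary>OSV format</summary>\n\n"
    + TICKS + 'json osv\n{"id": "CVE-0000-0000", "modified": "2026-01-01T00:00:00Z"}\n'
    + TICKS + "\n\n</details>\n<!-- generated by example-osv-tool -->\n"
)
```

A plain `json` fence that does not carry the OSV required fields, such as the Pod snippet in the sample, is left in `content_text` rather than being mistaken for the advisory record.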
@PushkarJ
Member Author

This is mostly done. Just waiting for original PR to be merged before I open it up as "ready for review" assuming nothing else needs adjusting

@mtardy
Member

mtardy commented Mar 12, 2026

This is mostly done. Just waiting for original PR to be merged before I open it up as "ready for review" assuming nothing else needs adjusting

Hey, I don't get why we don't just fix the initial PR with the author or merge something correct directly ourselves? Accepting incorrect patches in the tree to fix them ourselves after the fact looks strange to me.

@smarticu5
Contributor

This is mostly done. Just waiting for original PR to be merged before I open it up as "ready for review" assuming nothing else needs adjusting

Hey, I don't get why we don't just fix the initial PR with the author or merge something correct directly ourselves? Accepting incorrect patches in the tree to fix them ourselves after the fact looks strange to me.

I'm with @mtardy on this. It's better for the corrections to be applied to the original PR before we introduce code we don't like.

@PushkarJ
Member Author

Ack. No strong opinions from my end. Whichever option is best for the code base is fine with me :)

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/security Categorizes an issue or PR as relevant to SIG Security. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
