OSV.dev vulnerability database client
Add missing READMEs; expand short ones

New READMEs for: ocaml-auth, ocaml-cose, ocaml-http, ocaml-osv,
ocaml-rego, ocaml-scitt, ocaml-sigstore, ocaml-vec3.

Expanded: ca-certs (7→40 lines), osrelease (8→45 lines).

Each includes: synopsis, installation, usage example, API overview,
and license. Skipped ocaml-cel and ocaml-chor (no code yet).

+57
README.md
··· 1 + ## osv -- OSV.dev vulnerability database client 2 + 3 + Query the [OSV](https://osv.dev) (Open Source Vulnerabilities) database for 4 + known vulnerabilities by Package URL, ecosystem, or commit hash. OSV aggregates 5 + data from NVD, GitHub Advisories, RustSec, PyPI, and dozens of other sources 6 + into a unified schema (OSV Schema v1.6). 7 + 8 + ## Installation 9 + 10 + ``` 11 + opam install osv 12 + ``` 13 + 14 + ## Quick Start 15 + 16 + ```ocaml 17 + Eio_main.run @@ fun env -> 18 + Eio.Switch.run @@ fun sw -> 19 + let vulns = 20 + Osv.query_purl ~sw ~net:env#net ~clock:env#clock 21 + "pkg:npm/lodash@4.17.20" 22 + in 23 + match vulns with 24 + | Ok vulns -> 25 + List.iter 26 + (fun v -> 27 + Printf.printf "%s [%s]: %s\n" v.Osv.id 28 + (Osv.severity_to_string v.severity) 29 + v.summary) 30 + vulns 31 + | Error msg -> 32 + Printf.eprintf "Query failed: %s\n" msg 33 + ``` 34 + 35 + ## Query Methods 36 + 37 + - `query_purl` -- query by Package URL (e.g. `pkg:npm/lodash@4.17.20`) 38 + - `query_package` -- query by ecosystem, name, and version 39 + - `query_commit` -- query by git commit hash 40 + - `query_batch` -- query multiple Package URLs in one API call 41 + 42 + ## Filtering 43 + 44 + ```ocaml 45 + (* Keep only high and critical vulnerabilities *) 46 + let critical = Osv.filter_severity ~min:High vulns 47 + 48 + (* Check if a fix is available *) 49 + let fixable = List.filter Osv.has_fix vulns 50 + 51 + (* Extract CVE identifiers *) 52 + let cves = List.concat_map Osv.cve_ids vulns 53 + ``` 54 + 55 + ## License 56 + 57 + ISC
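Review bot: In the Filtering section, `vulns` is passed straight to `Osv.filter_severity` and `List.filter`, but in Quick Start the same name is first bound to the result that is then matched with `Ok vulns` / `Error msg`, so a reader who combines the two snippets outside the `Ok` branch passes a result where a list is expected. Suggest saying that the filtering code runs on the list from the `Ok vulns` branch, and writing `~min:Osv.High` so the constructor is qualified like every other `Osv.` name in the README. Quick Start could also state that `Error msg` means the lookup itself failed, not that the package has no known vulnerabilities, since the example only prints the message and a caller gating a build on the result needs to tell the two cases apart. Minor: the Installation fence has no language tag while the other two use `ocaml`, and the Query Methods list gives names only, with no argument or return types.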