Fix failing OSV import

nscuro · nscuro · commit b855a480077d · 2025-05-09T15:48:00.000+02:00
Signed-off-by: nscuro &lt;nscuro@protonmail.com&gt;
diff --git a/src/main/java/org/dependencytrack/vulndb/source/osv/OsvImporter.java b/src/main/java/org/dependencytrack/vulndb/source/osv/OsvImporter.java
@@ -1,5 +1,6 @@
 package org.dependencytrack.vulndb.source.osv;
 
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import com.github.packageurl.MalformedPackageURLException;
@@ -69,6 +70,7 @@ public void init(final Database database) {
         this.database = database;
         this.httpClient = HttpClient.newHttpClient();
         this.objectMapper = new ObjectMapper()
+                .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
                 .registerModule(new JavaTimeModule());
     }
 
@@ -259,6 +261,9 @@ private void processAdvisory(final OsvAdvisory advisory) {
             }
         }
 
+        // TODO: OSV supports "upstream" IDs that are neither aliases nor related IDs. How to deal with those?
+        //  https://ossf.github.io/osv-schema/#upstream-field
+
         final var vuln = new Vulnerability(
                 advisory.id(),
                 advisory.aliases(),
