OSV feed Ubuntu: Validate artifacts #42199

@ksykulev

Background

The vulnerabilities repository is responsible for generating osv artifacts #41571.

For NVD artifacts there is an additional validation step after generation.
https://github.com/fleetdm/vulnerabilities/blob/main/.github/workflows/generate-cve.yml#L93-L96

          - name: Validate NVD Feeds
            run: |
              cd fleet
              go run cmd/cve/validate/main.go --db_dir ./cvefeed --debug

The purpose of this is to attempt to detect any possible breaking changes in fleet server prior to publishing the artifacts. Although fleet servers will run vulnerability scanning with outdated artifacts, that is better than breaking the vulnerability scanning job.

To do

Either modify the existing cmd/cve/validate/main.go command or create a new step that verifies the osv artifacts that were just generated.
