From b6bf8e05c795698c85a5095502995a76dd6f8385 Mon Sep 17 00:00:00 2001
From: Andrew Pollock
Date: Thu, 20 Mar 2025 02:47:56 +0000
Subject: [PATCH 1/2] feat: readability improvements to OSV record

This improves the generation of the OSV record:
- the summary is human readable
- the policy link is included in the details
- the details are split over multiple lines
So that the record views more nicely at OSV.dev and output from the likes of OSV-Scanner (which may only include the summary) is more user-friendly.
Per https://ossf.github.io/osv-schema/#summary-details-fields
- the summary is plain text
- details is CommonMark markdown
---
 policies/V8-policy.json | 4 ++--
 src/main.go | 4 ++--
 src/main_test.go | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/policies/V8-policy.json b/policies/V8-policy.json
index 2464846..4c70447 100644
--- a/policies/V8-policy.json
+++ b/policies/V8-policy.json
@@ -8,6 +8,6 @@
 "main"
 ],
 "freshness_days": 7,
- "policy_link": "https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/security/updates.md",
- "description": "Dependency on outdated V8 found. Please update to the latest [beta](https://chromium.googlesource.com/v8/v8.git/+/refs/heads/beta), [stable](https://chromium.googlesource.com/v8/v8.git/+/refs/heads/stable), or [extended stable](https://chromium.googlesource.com/v8/v8.git/+/refs/heads/extended) versions."
+ "summary": "Outdated dependency on V8 found (see details)",
+ "description": "Outdated dependency on V8 found (see [policy](https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/security/updates.md).\n\nPlease update to the latest [beta](https://chromium.googlesource.com/v8/v8.git/+/refs/heads/beta), [stable](https://chromium.googlesource.com/v8/v8.git/+/refs/heads/stable), or [extended stable](https://chromium.googlesource.com/v8/v8.git/+/refs/heads/extended) versions."
 }
diff --git a/src/main.go b/src/main.go
index ca4896b..109c3ca 100644
--- a/src/main.go
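Review bot: The new `description` value has an unbalanced parenthesis: `(see [policy](…/updates.md).` opens a paren before `see` that is never closed, so the rendered Markdown on OSV.dev shows a stray `(` and the sentence reads oddly. Closing it gives `(see [policy](https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/security/updates.md)).\n\nPlease update …`. The same text is carried forward unchanged as a context line in the second patch's hunk on this file, so the fix belongs in this commit.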
+++ b/src/main.go
@@ -29,7 +29,7 @@ type Policy struct {
 ID string `json:"id"`
 Repository string `json:"repository"`
 FreshnessDays int `json:"freshness_days"`
- PolicyLink string `json:"policy_link"`
+ Summary string `json:summary`
 Description string `json:"description"`
 Branches []string `json:"branches"`
 }
@@ -222,7 +222,7 @@ func updateAdvisory(advisory *Advisory, policy *Policy, cache map[string][]strin
 advisory.ID = policy.ID
 advisory.Modified = nowTimestamp
- advisory.Summary = policy.PolicyLink
+ advisory.Summary = policy.Summary
 advisory.Details = policy.Description
 advisory.Affected = []AffectedItem{*affectedItem}
diff --git a/src/main_test.go b/src/main_test.go
index ab48816..8bb9e06 100644
--- a/src/main_test.go
+++ b/src/main_test.go
@@ -237,7 +237,7 @@ func TestUpdateAdvisory(t *testing.T) {
 ID: "policyID",
 Repository: "owner/repo",
 FreshnessDays: 1,
- PolicyLink: "policyLink",
+ Summary: "policySummary",
 Description: "policyDescription",
 }
@@ -261,7 +261,7 @@ func TestUpdateAdvisory(t *testing.T) {
 ID: "policyID",
 Modified: nowTimestamp,
 Published: nowTimestamp,
- Summary: "policyLink",
+ Summary: "policySummary",
 Details: "policyDescription",
 Affected: []AffectedItem{
 {
From 8bad78f92e3744125eec02d826f05e2631a82aa1 Mon Sep 17 00:00:00 2001
From: Andrew Pollock
Date: Thu, 20 Mar 2025 04:37:44 +0000
Subject: [PATCH 2/2] fix: reinstate PolicyLink struct field

Upon reviewing the README.md and the broader intent of this code, I can see the utility of retaining this as an explicit field and value (for self-documenting), even if it is not currently used.
---
 policies/V8-policy.json | 1 +
 src/main.go | 1 +
 2 files changed, 2 insertions(+)
diff --git a/policies/V8-policy.json b/policies/V8-policy.json
index 4c70447..e7a8930 100644
--- a/policies/V8-policy.json
+++ b/policies/V8-policy.json
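Review bot: The struct tag on the added `Summary` field is malformed: `json:summary` lacks the quotes that `reflect.StructTag` requires, so `StructTag.Get("json")` returns an empty string and `go vet`'s structtag check reports it. Decoding the policy file still appears to work only because encoding/json falls back to a case-insensitive match on the field name, while any encoding of `Policy` would emit the key as `Summary` instead of `summary`. The tag should read `json:"summary"`, matching the neighbouring fields. The same line reappears unchanged as context in the second patch's `@@ -29,6 +29,7 @@` hunk, so it needs the fix there as well; the `type Policy struct {` opening line sits outside this hunk.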
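Review bot: `advisory.Summary = policy.Summary` now copies a value that only exists if the policy file supplies a `summary` key, so a policy written against the previous layout (which had only `policy_link`) would produce an advisory with an empty summary, and nothing in this hunk catches that. If policies are validated on load (not visible here), a non-empty check on `Summary` there would turn the silent regression into a clear error; otherwise a guard before this assignment such as `if policy.Summary == "" { return fmt.Errorf("policy %q has no summary", policy.ID) }` would do, assuming updateAdvisory returns an error — its signature is truncated in the hunk header. The rest of updateAdvisory lies outside the hunk.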
@@ -8,6 +8,7 @@
 "main"
 ],
 "freshness_days": 7,
+ "policy_link": "https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/security/updates.md",
 "summary": "Outdated dependency on V8 found (see details)",
 "description": "Outdated dependency on V8 found (see [policy](https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/security/updates.md).\n\nPlease update to the latest [beta](https://chromium.googlesource.com/v8/v8.git/+/refs/heads/beta), [stable](https://chromium.googlesource.com/v8/v8.git/+/refs/heads/stable), or [extended stable](https://chromium.googlesource.com/v8/v8.git/+/refs/heads/extended) versions."
 }
diff --git a/src/main.go b/src/main.go
index 109c3ca..7ad6388 100644
--- a/src/main.go
+++ b/src/main.go
@@ -29,6 +29,7 @@ type Policy struct {
 ID string `json:"id"`
 Repository string `json:"repository"`
 FreshnessDays int `json:"freshness_days"`
+ PolicyLink string `json:"policy_link"`
 Summary string `json:summary`
 Description string `json:"description"`
 Branches []string `json:"branches"`
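Review bot: The reinstated `policy_link` holds the same URL that the `description` text embeds in its `[policy](…)` link, so the two copies can drift apart the next time the policy document moves. Since the commit message says the field is informational only, it would be worth either deriving the link portion of the details from `policy_link` in code or at least noting next to the policy format documentation that the two values must be kept in step. The missing closing parenthesis in the `(see [policy](…).` context line is pre-existing from the first patch.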
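Review bot: The reinstated `PolicyLink` field carries no comment, and since the commit message says it is intentionally unused, a reader of the struct will see a dead field and be tempted to remove it again. A doc comment on the field such as `// PolicyLink is the URL of the policy document; it is informational and is not currently copied into the advisory.` records that intent where it will be seen. The `type Policy struct {` opening line sits outside this hunk.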