oss-review-toolkit · lamppu · May 28, 2026 · Jun 5, 2026 · Jun 8, 2026
@@ -150,6 +150,11 @@ path = "clients/scanoss/swagger/**"
 SPDX-FileCopyrightText = "Copyright (c) 2022 SCANOSS"
 SPDX-License-Identifier = "MIT"
 
+[[annotations]]
+path = "clients/vulnerable-code/openapi/**"
+SPDX-FileCopyrightText = "Copyright (c) nexB Inc. and others"
+SPDX-License-Identifier = "Apache-2.0"
+
 [[annotations]]
 path = "evaluator/src/main/resources/rules/matrixseqexpl.json"
 SPDX-FileCopyrightText = "2021 Open Source Automation Development Lab (OSADL) eG"

@@ -17,20 +17,42 @@
  * License-Filename: LICENSE
  */
 
+import io.github.hfhbd.kfx.openapi.OpenApi
+
 plugins {
     // Apply precompiled plugins.
     id("ort-library-conventions")
 
     // Apply third-party plugins.
+    alias(libs.plugins.kfx)
     alias(libs.plugins.kotlinSerialization)
 }
 
+kfx {
+    register<OpenApi>("VulnerableCodeApi") {
+        files.from("openapi/vulnerablecode.openapi.json")
+
+        packageName = "org.ossreviewtoolkit.clients.vulnerablecode"
+
+        dependencies {
+            compiler(kotlinClasses())
+            compiler(kotlinxJson())
+            compiler(ktorClient())
+        }
+
+        usingKotlinSourceSet(kotlin.sourceSets.main)
+    }
+}
+
 dependencies {
+    api(ktorLibs.client.core)
+    api(libs.kotlinx.datetime)
     api(libs.kotlinx.serialization.core)
     api(libs.kotlinx.serialization.json)
     api(libs.okhttp)
     api(libs.retrofit)
 
+    implementation(ktorLibs.http)
     implementation(libs.retrofit.converter.kotlinxSerialization)
 }
 

@@ -0,0 +1 @@
+The OpenAPI schema in this directory was copied from the public [VulnerableCode API schema](https://public.vulnerablecode.io/api/schema/?format=json).
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		The OpenAPI schema in this directory was copied from the public [VulnerableCode API schema](https://public.vulnerablecode.io/api/schema/?format=json).