
Add RHEL OSV feed generation#32

Open
mostlikelee wants to merge 1 commit into main from tlee/rhel-osv-feeds

Conversation

@mostlikelee (Collaborator)

Summary

Adds a single workflow step to generate-cve.yml that downloads Red Hat's OSV data from GCS and runs the osv-processor to generate RHEL artifacts.

Changes

One new step in .github/workflows/generate-cve.yml:

  1. Downloads https://storage.googleapis.com/osv-vulnerabilities/Red%20Hat/all.zip (23MB)
  2. Runs osv-processor --platform rhel --versions "7,8,9,10"
  3. Outputs osv-rhel-{7,8,9,10}-YYYY-MM-DD.json.gz into fleet/cvefeed/

The existing release step already uploads fleet/cvefeed/*, so the new artifacts are published automatically.

Dependencies

Expected output

Each run will produce 4 new artifacts alongside existing ones:

| Artifact | Packages | CVEs | Size |
|---|---|---|---|
| osv-rhel-7-YYYY-MM-DD.json.gz | ~4,000 | ~4,600 | ~335KB |
| osv-rhel-8-YYYY-MM-DD.json.gz | ~6,800 | ~6,900 | ~1.1MB |
| osv-rhel-9-YYYY-MM-DD.json.gz | ~4,400 | ~5,900 | ~1.3MB |
| osv-rhel-10-YYYY-MM-DD.json.gz | ~1,900 | ~1,000 | ~252KB |

Downloads Red Hat OSV data from GCS and runs osv-processor with
--platform rhel to generate osv-rhel-{7,8,9,10}-YYYY-MM-DD.json.gz
artifacts. These are published alongside existing Ubuntu OSV and
goval-dictionary artifacts in each release.

Depends on fleetdm/fleet#43183 (osv-processor RHEL support).
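As an added illustration of the download-then-split step described above (this is not the project's osv-processor or workflow code): a small Python stand-in that unpacks an in-memory copy of an all.zip-style archive, assigns each OSV advisory to RHEL majors 7 through 10 from its affected ecosystem strings, and produces the osv-rhel-<major>-<date>.json.gz artifacts. The sample records and the "Red Hat:rhel[_variant]:<major>" ecosystem format are assumptions, as is the one-JSON-file-per-advisory layout of the archive.

```python
import gzip, io, json, re, zipfile

# Constructed sample advisories in OSV shape, one JSON file per record as in
# Red Hat's all.zip. The "Red Hat:rhel[_variant]:<major>..." ecosystem form is
# an assumption about the feed, not taken from the real archive or osv-processor.
SAMPLE_RECORDS = [
    {"id": "RHSA-SAMPLE-0001", "aliases": ["CVE-0000-0001"], "affected": [
        {"package": {"ecosystem": "Red Hat:rhel:8::appstream", "name": "openssl"}},
        {"package": {"ecosystem": "Red Hat:rhel_eus:9.2::appstream", "name": "openssl"}}]},
    {"id": "RHSA-SAMPLE-0002", "aliases": ["CVE-0000-0002"], "affected": [
        {"package": {"ecosystem": "Red Hat:rhel:7", "name": "kernel"}}]},
    {"id": "RHSA-SAMPLE-0003", "aliases": ["CVE-0000-0003"], "affected": [
        {"package": {"ecosystem": "Red Hat:rhel:6", "name": "bash"}}]},  # outside 7-10
]
ECOSYSTEM_RE = re.compile(r"^Red Hat:rhel[^:]*:(\d+)")

def build_all_zip(records):
    # Pack records into an in-memory zip with the one-file-per-advisory layout.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for rec in records:
            zf.writestr(f"{rec['id']}.json", json.dumps(rec))
    return buf.getvalue()

def rhel_majors(record):
    # RHEL major versions named by a record's affected ecosystems (may be several).
    matches = (ECOSYSTEM_RE.match(a.get("package", {}).get("ecosystem", ""))
               for a in record.get("affected", []))
    return {m.group(1) for m in matches if m}

def split_by_version(zip_bytes, versions=("7", "8", "9", "10")):
    # One bucket per requested major; an advisory can land in more than one.
    buckets = {v: [] for v in versions}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".json"):  # skip anything that is not an advisory
                rec = json.loads(zf.read(name))
                for v in rhel_majors(rec) & set(buckets):
                    buckets[v].append(rec)
    return buckets

def build_artifacts(buckets, day):
    # Contents of osv-rhel-<major>-<YYYY-MM-DD>.json.gz per version, as the PR names them.
    return {f"osv-rhel-{v}-{day}.json.gz": gzip.compress(json.dumps(recs).encode())
            for v, recs in buckets.items()}
```

A version with no matching advisories (RHEL 10 in the sample) still yields an artifact containing an empty list, so a downstream consumer can tell "feed generated, nothing affected" apart from "feed missing".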
@ksykulev (Contributor) left a comment


The all.zip is only 23mb, so I feel like doing any kind of caching here would be over-engineering. 👍



Development

Successfully merging this pull request may close these issues.

Generate OSV feeds

3 participants