Skip to content

Ingesting of Drupal advisory database #6437

New issue
New issue
Open
Open
Ingesting of Drupal advisory database#6437
@G-Rath

Description

@G-Rath
G-Rath
opened on Nov 18, 2025

We've been working with the Drupal community and OSV team to have Drupal advisories published in OSV format and ingested into osv.dev, with the database living here: https://github.com/DrupalSecurityTeam/drupal-advisory-database

We've recently gotten the database ingested into the test instance of osv.dev, and plan to have it moved to production ideally at the start of December.

I wanted to check if there is anything else needed to have GitHub use these advisories for tools like dependabot, or if having the advisories ingested into osv.dev is enough.

Note that while the database is not currently in production, we believe the advisories are stable and suitable to be used in production

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions