Add FreeBSD to OSVF-Schema (#448)

Add FreeBSD to OSVF-Schema with name FreeBSD and prefix FREEBSD. As
FreeBSD OSV vulnerability database is not yet released this it bit WIP.

FreeBSD PURL PR is also in the works:
[purl-spec#496](package-url/purl-spec#496)

Ecosystem schema's will be like:
- `FreeBSD:base` For FreeBSD base system issues
- `FreeBSD:kernel` For FreeBSD kernel issues
- `FreeBSD:ports` For FreeBSD ports issues

Signed-off-by: Tuukka Pasanen <[email protected]>

Author: illuusio

README.md

@@ -44,6 +44,7 @@ Together, these include vulnerabilities from:
 -   Debian GNU/Linux
 -   Echo
 -   Erlang Ecosystem Foundation
+-   FreeBSD
 -   GitHub Actions
 -   Go
 -   Haskell

bindings/go/osvconstants/constants.go

@@ -868,6 +868,7 @@ The defined ecosystems are:
 | `crates.io` | The crates.io ecosystem for Rust; the `name` field is a crate name. |
 | `Debian` | The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:<RELEASE>` suffix to scope the package to a particular Debian release. `<RELEASE>` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string "Debian:7" refers to the Debian 7 (wheezy) release. For versions without a numeric version, use the the string in the `series` column of the  `distro-info-data` CSV, e.g. "Debian:sid". |
 | `Echo` | The Echo package ecosystem; the `name` is the name of the source package. |
+| `FreeBSD` | The FreeBSD ecosystem consists of three main components: the base system, kernel, and ports. For ports, the `name` refers to the name of a package managed by `pkg(8)`, which is the FreeBSD package manager. Ecosystem strings can include `:ports`, indicating that an issue pertains to ports (e.g., 'FreeBSD:ports'). Base system issues should be categorized under `:base`. The `ranges[].events` versions correspond to specific FreeBSD releases, such as 'FreeBSD:base:14.3'. Kernel-related issues are denoted by `:kernel`, with examples like 'FreeBSD:kernel'. Every namespace can have optional `:<RELEASE>` segment at last, which can be used to specify that an issue applies only to a particular FreeBSD release like. |
 | `GHC` | The Haskell compiler ecosystem. The `name` field is the name of a component of the GHC compiler ecosystem (e.g., compiler, GHCI, RTS). |
 | `GitHub Actions` | The GitHub Actions ecosystem; the `name` field is the action's repository name with owner e.g. `{owner}/{repo}`. |
 | `Go` | The Go ecosystem; the `name` field is a Go module path. |

docs/schema.md

@@ -13,6 +13,7 @@
   "crates.io": "The crates.io ecosystem for Rust; the `name` field is a crate name.",
   "Debian": "The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:<RELEASE>` suffix to scope the package to a particular Debian release. `<RELEASE>` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string \"Debian:7\" refers to the Debian 7 (wheezy) release. For versions without a numeric version, use the the string in the `series` column of the  `distro-info-data` CSV, e.g. \"Debian:sid\".",
   "Echo": "The Echo package ecosystem; the `name` is the name of the source package.",
+  "FreeBSD": "The FreeBSD ecosystem consists of three main components: the base system, kernel, and ports. For ports, the `name` refers to the name of a package managed by `pkg(8)`, which is the FreeBSD package manager. Ecosystem strings can include `:ports`, indicating that an issue pertains to ports (e.g., 'FreeBSD:ports'). Base system issues should be categorized under `:base`. The `ranges[].events` versions correspond to specific FreeBSD releases, such as 'FreeBSD:base:14.3'. Kernel-related issues are denoted by `:kernel`, with examples like 'FreeBSD:kernel'. Every namespace can have optional `:<RELEASE>` segment at last, which can be used to specify that an issue applies only to a particular FreeBSD release like.",
   "GHC": "The Haskell compiler ecosystem. The `name` field is the name of a component of the GHC compiler ecosystem (e.g., compiler, GHCI, RTS).",
   "GitHub Actions": "The GitHub Actions ecosystem; the `name` field is the action's repository name with owner e.g. `{owner}/{repo}`.",
   "Go": "The Go ecosystem; the `name` field is a Go module path.",

ecosystems.json

@@ -343,6 +343,7 @@
         "crates.io",
         "Debian",
         "Echo",
+        "FreeBSD",
         "GHC",
         "GitHub Actions",
         "Go",
@@ -381,13 +382,13 @@
       "type": "string",
       "title": "Currently supported ecosystems",
       "description": "These ecosystems are also documented at https://ossf.github.io/osv-schema/#affectedpackage-field",
-      "pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|CleanStart|ConanCenter|CRAN|crates\\.io|Debian|Echo|GHC|GitHub Actions|Go|Hackage|Hex|Julia|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|VSCode|Wolfi|GIT)(:.+)?$"
+      "pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|CleanStart|ConanCenter|CRAN|crates\\.io|Debian|Echo|FreeBSD|GHC|GitHub Actions|Go|Hackage|Hex|Julia|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|VSCode|Wolfi|GIT)(:.+)?$"
     },
     "prefix": {
       "type": "string",
       "title": "Currently supported home database identifier prefixes",
       "description": "These home databases are also documented at https://ossf.github.io/osv-schema/#id-modified-fields",
-      "pattern": "^(ASB-A|PUB-A|ALPINE|ALSA|ALBA|ALEA|BELL|BIT|CGA|CURL|CVE|DEBIAN|DRUPAL|DSA|DLA|ELA|DTSA|ECHO|EEF|GHSA|GO|GSD|HSEC|JLSEC|KUBE|LBSEC|LSN|MAL|MINI|MGASA|OESA|OSV|openSUSE-SU|PHSA|PSF|PYSEC|RHBA|RHEA|RHSA|RLSA|RXSA|RSEC|RUSTSEC|SUSE-[SRFO]U|UBUNTU|USN|V8)-"
+      "pattern": "^(ASB-A|PUB-A|ALPINE|ALSA|ALBA|ALEA|BELL|BIT|CGA|CURL|CVE|DEBIAN|DRUPAL|DSA|DLA|ELA|DTSA|ECHO|EEF|FreeBSD|GHSA|GO|GSD|HSEC|JLSEC|KUBE|LBSEC|LSN|MAL|MINI|MGASA|OESA|OSV|openSUSE-SU|PHSA|PSF|PYSEC|RHBA|RHEA|RHSA|RLSA|RXSA|RSEC|RUSTSEC|SUSE-[SRFO]U|UBUNTU|USN|V8)-"
     },
     "severity": {
       "type": [

tools/osv-linter/internal/checks/schema_generated.json

@@ -343,6 +343,7 @@
         "crates.io",
         "Debian",
         "Echo",
+        "FreeBSD",
         "GHC",
         "GitHub Actions",
         "Go",
@@ -381,13 +382,13 @@
       "type": "string",
       "title": "Currently supported ecosystems",
       "description": "These ecosystems are also documented at https://ossf.github.io/osv-schema/#affectedpackage-field",
-      "pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|CleanStart|ConanCenter|CRAN|crates\\.io|Debian|Echo|GHC|GitHub Actions|Go|Hackage|Hex|Julia|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|VSCode|Wolfi|GIT)(:.+)?$"
+      "pattern": "^(AlmaLinux|Alpaquita|Alpine|Android|BellSoft Hardened Containers|Bioconductor|Bitnami|Chainguard|CleanStart|ConanCenter|CRAN|crates\\.io|Debian|Echo|FreeBSD|GHC|GitHub Actions|Go|Hackage|Hex|Julia|Kubernetes|Linux|Mageia|Maven|MinimOS|npm|NuGet|openEuler|openSUSE|OSS-Fuzz|Packagist|Photon OS|Pub|PyPI|Red Hat|Rocky Linux|RubyGems|SUSE|SwiftURL|Ubuntu|VSCode|Wolfi|GIT)(:.+)?$"
     },
     "prefix": {
       "type": "string",
       "title": "Currently supported home database identifier prefixes",
       "description": "These home databases are also documented at https://ossf.github.io/osv-schema/#id-modified-fields",
-      "pattern": "^(ASB-A|PUB-A|ALPINE|ALSA|ALBA|ALEA|BELL|BIT|CGA|CURL|CVE|DEBIAN|DRUPAL|DSA|DLA|ELA|DTSA|ECHO|EEF|GHSA|GO|GSD|HSEC|JLSEC|KUBE|LBSEC|LSN|MAL|MINI|MGASA|OESA|OSV|openSUSE-SU|PHSA|PSF|PYSEC|RHBA|RHEA|RHSA|RLSA|RXSA|RSEC|RUSTSEC|SUSE-[SRFO]U|UBUNTU|USN|V8)-"
+      "pattern": "^(ASB-A|PUB-A|ALPINE|ALSA|ALBA|ALEA|BELL|BIT|CGA|CURL|CVE|DEBIAN|DRUPAL|DSA|DLA|ELA|DTSA|ECHO|EEF|FreeBSD|GHSA|GO|GSD|HSEC|JLSEC|KUBE|LBSEC|LSN|MAL|MINI|MGASA|OESA|OSV|openSUSE-SU|PHSA|PSF|PYSEC|RHBA|RHEA|RHSA|RLSA|RXSA|RSEC|RUSTSEC|SUSE-[SRFO]U|UBUNTU|USN|V8)-"
     },
     "severity": {
       "type": [