Architecture

Architecture diagram

Data source

Our data comes from a variety of sources, and we are looking to add more over time.

OSV runs on Google Cloud Platform, with the following main components:

Cloud Datastore

All vulnerability data is stored in Cloud Datastore, with the models defined here.

Google Kubernetes Engine (GKE)

GKE is used for running workers to perform bisects and impact analysis. These workers consume tasks from a Cloud Pub/Sub topic.

Workers are Docker containers, which use gVisor for sandboxing untrusted workloads.

Cloud Run / Cloud Endpoints

The API server runs on Cloud Run, and is served by Cloud Endpoints.

App Engine

The main web UI runs on App Engine. App Engine cron jobs also schedule recurring tasks for the workers, allocate OSV IDs, and make vulnerabilities public at the appropriate times.