Questions about the update cycles

[hannesm]

Dear everyone,

thanks for your database. I have some observations about updates thereof:

• I noticed that https://test.osv.dev/vulnerability/OSEC-2026-01 has the modified as 2026-02-17T15:18:05.316779Z, while https://osv.dev/vulnerability/OSEC-2026-01 has 2026-02-17T14:45:51.530795Z
• at the same time, osv.dev has been updating the OSEC source more recently (e.g. https://osv.dev/vulnerability/OSEC-2022-01 has 2026-02-18T09:58:24.266403Z)
• there are no issues reported at the linter https://osv.dev/linter

So, my question is when are sources being updated (how often)? And how comes that one data source (https://github.com/ocaml/security-advisories) is not completely used (see OSEC-2022-01 vs OSEC-2026-01), but only partially?

Are there any publicly available logs that can bring some light into this? I'm mainly asking to figure out whether we (from the OSEC source) can develop some best practises so that osv is happy with our update stream.

[michaelkedar]

Hi,
This seems to be a problem on our end, related to #4726.
We should be checking for updates every 15 minutes, but it seems some of these are randomly getting dropped.

I'll try forcing a full update of the OSEC source on the production instance to see if it will pick up the missed updates.

I have been looking into the problem, hopefully I can have this resolved soon.

[github-actions]

This issue has not had any activity for 60 days and will be automatically closed in two weeks

See https://github.com/google/osv.dev/blob/master/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.

[github-actions]

Automatically closing stale issue