Add kubernetes vulnerabilities

[sbs2001]

Currently sig-security has a draft KEP here for creating structured feeds for k8s vulnerabilities.

It would be great if osv could consume this feed when implemented.

Relevant ticket at kubernetes/sig-security#1

[oliverchang]

Thanks a lot for flagging this @sbs2001 ! It would be awesome if Kubernetes is able to publish their vulnerabilities in the OSV format. We'd be very happy to work with you and everyone else on the relevant ticket.

[andrewpollock]

kubernetes/enhancements#3203 also seems to be related to this.

[andrewpollock]

We're currently updating our roadmap for 2023, and have tentatively targeted Q3 for this, subject to the data being available.

[github-actions]

This issue has not had any activity for 60 days and will be automatically closed in two weeks

[github-actions]

Automatically closing stale issue

[andrewpollock]

Reopening in light of:

• Keep OSV feed data current and updated kubernetes-sigs/cve-feed-osv#9 surfacing the existence of https://github.com/kubernetes-sigs/cve-feed-osv

In order to be able to import these records into OSV.dev:

• The Kubernetes ecosystem will need to be added to the OSV-Schema
• The records in https://github.com/kubernetes-sigs/cve-feed-osv would need to be republished using the unique ID prefix selected as part of officially onboarding with the OSV Schema (optionally referring to the relevant CVE ID in the aliases field)

/cc @PushkarJ