Integrate Morefixes dataset into GHAD

[JafarAkhondali]

Hello,
I've combined GHAD and NIST in my research paper and combined other tools to create the largest CVEs matched with their fix commits. Ofcourse there are limitations, but I believe it might be a good idea to merge Morefixes dataset into this repository. You can find all related data and the link to the paper here: https://github.com/JafarAkhondali/morefixes
Let me know what do you think

[darakian]

Hoi en dank je wel voor de referentie :)

Interesting paper indeed and I'm really happy that our database could aid in your research! That said, we're not going to blanket import your database without review. It looks like most of your paper concerns projects which are out of scope for us
https://github.com/github/advisory-database?tab=readme-ov-file#supported-ecosystems
But if you'd like to make PRs to add fix commits or to otherwise improve anything that is in scope that would be amazing 👍

[JafarAkhondali]

Hallo en bedankt voor het antwoorden :)

We used ecosystems such as (npm, pypi, Go, etc) to find repository addresses. It's possible to use https://deps.dev/ service to trace a GitHub repository back to the package name. Of course, you also need to review them. But I was looking for a semi-automated way. For example, I can first send some pull requests that are expected to have the same quality if we do it automatically, and then if everything works fine, we can convert go with larger chunks of changes.
Anyway, if there is no one from your team to help with the integration, I'll start contributing but not soon.

[darakian]

The automation is just PRs :)
If I can make one ask, please just rate limit them as we review everything manually 👍