Publish VMWare Photon Advisories in OSV format, automatically synced. Unofficial - not affiliated with VMWare
d495c36cf3
|
||
|---|---|---|
| .github/workflows | ||
| advisories | ||
| photon-wiki@dfda10758e | ||
| .gitmodules | ||
| .nojekyll | ||
| LICENSE | ||
| README.md | ||
| generate.py | ||
| requirements.txt | ||
| update.py | ||
README.md
VMWare Photon Advisories
Background
- VMWare Photon is a minimal linux container host OS.
- Photon Security Advisories are published by VMWare at https://github.com/vmware/photon/wiki/Security-Advisories.
- OSV is a Open Source Vulnerability format, as specified by the Open Source Security Foundation.
- GSD Database is a vulnerability database used by OSV.dev, and maintained by the Cloud Security Alliance
What is this project?
The OSV.dev expects advisories to be published in the OSV format. This repository republishes the advisories in the OSV format, and syncs them against the GSD Database
- Picks up data from https://github.com/vmware/photon/wiki/Security-Advisories,
- Get CVE metadata from https://packages.vmware.com/photon/photon_cve_metadata/
- Generates advisories in the OSV format at
advisories/using the above. - Syncs Data to the GSD Database
TODO:
- Delete advisories that are deleted upstream (Experimental)
- Automatic Update
- Automatic Sync (to GSD)
- Schema: Provide
credits - Schema: Provide impacted packages
- Schema: Provide all impacted packages, with version number that fixes the issue. (Available in all but 50-60 advisories)
- Schema: Provide summary/details/severity
- Schema: Provide SHA256 hashes under database_specific
Contributing
Contributions are welcome! Since the advisories are automatically generated, please don't make
manual updates to the JSON advisory files. Instead update the generation script: generate.py.
License
Licensed under the MIT License. See LICENSE file for details.