photon-os-advisories/README.md

VMWare Photon Advisories

Background

• VMWare Photon is a minimal linux container host OS.
• Photon Security Advisories are published by VMWare at https://github.com/vmware/photon/wiki/Security-Advisories.
• OSV is a Open Source Vulnerability format, as specified by the Open Source Security Foundation.
• GSD Database is a vulnerability database used by OSV.dev, and maintained by the Cloud Security Alliance

What is this project?

The OSV.dev expects advisories to be published in the OSV format. This repository republishes the advisories in the OSV format, and syncs them against the GSD Database

• Picks up data from https://github.com/vmware/photon/wiki/Security-Advisories,
• Get CVE metadata from https://packages.vmware.com/photon/photon_cve_metadata/
• Generates advisories in the OSV format at advisories/ using the above.
• Syncs Data to the GSD Database

TODO:

• Delete advisories that are deleted upstream (Experimental)
• Automatic Update
• Automatic Sync (to GSD)
• Schema: Provide credits
• Schema: Provide impacted packages
• Schema: Provide all impacted packages, with version number that fixes the issue. (Available in all but 50-60 advisories)
• Schema: Provide summary/details/severity
• Schema: Provide SHA256 hashes under database_specific

Contributing

Contributions are welcome! Since the advisories are automatically generated, please don't make manual updates to the JSON advisory files. Instead update the generation script: generate.py.

License

Licensed under the MIT License. See LICENSE file for details.