Publish VMWare Photon Advisories in OSV format, automatically synced. Unofficial - not affiliated with VMWare
Nemo
e9bbad80b0
This is a partial fix, as it solves it for 99% of the advisories. There are a few advisories where the CVE is referenced multiple times across multiple advisories (in the same OS version), and thus looking up the CVE in the online JSON files gives you multiple fixed package versions. This only happens for a handful of cases so we don't mind yet!
- .github/workflows
- advisories
- photon-wiki@160fed2e1e
- .gitmodules
- LICENSE
- README.md
- generate.py
- requirements.txt
- update.py
README.md
VMWare Photon Advisories
Background
- VMware Photon is a minimal Linux container host OS.
- Photon Security Advisories are published by VMware at https://github.com/vmware/photon/wiki/Security-Advisories.
- OSV is an Open Source Vulnerability format, as specified by the Open Source Security Foundation.
- GSD Database is a vulnerability database used by OSV.dev and maintained by the Cloud Security Alliance.
What is this project?
OSV.dev expects advisories to be published in the OSV format. This repository republishes the Photon advisories in the OSV format and syncs them against the GSD Database:
- Picks up data from https://github.com/vmware/photon/wiki/Security-Advisories.
- Generates advisories in the OSV format at advisories/.
- Syncs data to the GSD Database.
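The generation step, sketched as an added example (this is not the repository's generate.py): it builds one OSV record per advisory and keeps fixed versions keyed by advisory rather than by CVE, so a CVE listed in several advisories of the same OS version is flagged instead of resolving to several fixed versions. The row layout, the `PHSA-EXAMPLE-*` and `CVE-0000-*` identifiers, and the `Photon OS:<release>` ecosystem string are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample rows, not real Photon data:
# (advisory id, OS version, CVE, package, fixed version)
ROWS = [
    ("PHSA-EXAMPLE-0001", "4.0", "CVE-0000-0001", "examplepkg", "1.0-2.ph4"),
    ("PHSA-EXAMPLE-0001", "4.0", "CVE-0000-0002", "examplepkg", "1.0-2.ph4"),
    ("PHSA-EXAMPLE-0002", "4.0", "CVE-0000-0001", "otherpkg", "3.1-1.ph4"),
]

def ambiguous_cves(rows):
    """Return {(os, cve): [advisory ids]} for CVEs listed in more than one advisory of one OS version."""
    seen = defaultdict(set)
    for adv, os_ver, cve, _pkg, _fixed in rows:
        seen[(os_ver, cve)].add(adv)
    return {key: sorted(advs) for key, advs in seen.items() if len(advs) > 1}

def to_osv(rows, modified):
    """Build one OSV record per advisory; `modified` is an RFC 3339 timestamp string."""
    grouped = defaultdict(list)
    for row in rows:
        grouped[row[0]].append(row)
    records = []
    for adv, items in sorted(grouped.items()):
        fixes = defaultdict(set)  # (os, package) -> fixed versions named by this advisory
        for _adv, os_ver, _cve, pkg, fixed in items:
            fixes[(os_ver, pkg)].add(fixed)
        affected = []
        for (os_ver, pkg), versions in sorted(fixes.items()):
            if len(versions) != 1:  # refuse to guess between conflicting fixes
                raise ValueError(f"{adv}: conflicting fixed versions for {pkg}: {sorted(versions)}")
            affected.append({
                # Assumption: ecosystem string in the "Photon OS:<release>" form.
                "package": {"ecosystem": f"Photon OS:{os_ver}", "name": pkg},
                "ranges": [{"type": "ECOSYSTEM",
                            "events": [{"introduced": "0"}, {"fixed": next(iter(versions))}]}],
            })
        records.append({
            "id": adv,
            "modified": modified,
            "related": sorted({cve for _a, _o, cve, _p, _f in items}),
            "affected": affected,
        })
    return records

if __name__ == "__main__":
    import json
    print(json.dumps(to_osv(ROWS, "2000-01-01T00:00:00Z"), indent=2))
    print(ambiguous_cves(ROWS))
```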
TODO:
- Automatic Update
- Automatic Sync (to GSD)
- Schema: Provide credits
- Schema: Provide impacted packages
- Schema: Provide all impacted packages, with version number that fixes the issue.
- Schema: Provide summary/details/severity
- Schema: Provide SHA256 hashes under database_specific
License
Licensed under the MIT License. See LICENSE file for details.