Add SOURCES.rst to document data sources being used #298

Merged
merged 2 commits into from
Dec 17, 2020
10 changes: 5 additions & 5 deletions README.rst
Expand Up @@ -41,11 +41,11 @@ The How

VulnerableCode independently aggregates many software vulnerability data
sources that can easily be recreated in a decentralized fashion. These
data sources include security advisories published by distros, package
managers, etc. Due to this, the data obtained is not generalized to apply
for other ecosystems. This increases the accuracy as the same version of
a package across different distros may or may not be vulnerable to some
vulnerability.
data sources (see complete list `here <./SOURCES.rst>`_) include security
advisories published by distros, package managers, etc. Due to this, the
data obtained is not generalized to apply for other ecosystems. This
increases the accuracy as the same version of a package across different distros
may or may not be vulnerable to some vulnerability.

The packages are identified using
`PURL <https://github.com/package-url/purl-spec>`__ rather than CPEs.
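
Review bot: The new link `here <./SOURCES.rst>`_ in the added paragraph is a named hyperlink reference (single trailing underscore) with the generic text "here", while the PURL link just below uses the anonymous form (`__`). A named "here" target will produce a duplicate explicit target warning as soon as a second "here" link with a different URL is added to this README. Suggest the anonymous form with descriptive text, for example `complete list of data sources <./SOURCES.rst>`__. Minor: the rewrapped line ending in "across different distros" is longer than the other lines of the paragraph, and "vulnerable to some vulnerability" could be tightened while this paragraph is being touched.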
45 changes: 45 additions & 0 deletions SOURCES.rst
@@ -0,0 +1,45 @@
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|Importer Name: | Data Source |Ecosystems Covered |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|rust | https://github.com/RustSec/advisory-db |rust crates |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|alpine | https://gitlab.alpinelinux.org/alpine/infra/alpine-secdb |alpine packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|archlinux | https://security.archlinux.org/json |arch packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|debian | https://security-tracker.debian.org/tracker/data/json |debian packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|npm | https://github.com/nodejs/security-wg.git |npm packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|ruby | https://github.com/rubysec/ruby-advisory-db.git |ruby gems |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|ubuntu | https://people.canonical.com/~ubuntu-security/oval/ |ubuntu packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|retiredotnet | https://github.com/RetireNet/Packages.git |.NET packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|suse_backports | http://ftp.suse.com/pub/projects/security/yaml/ |SUSE packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|debian_oval | https://www.debian.org/security/oval/ |debian packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|redhat | https://access.redhat.com/hydra/rest/securitydata/cve.json |rpm packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|nvd | https://nvd.nist.gov/vuln/data-feeds#JSON_FEED |none |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|gentoo | https://anongit.gentoo.org/git/data/glsa.git |gentoo packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|openssl | https://www.openssl.org/news/vulnerabilities.xml |openssl |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|ubuntu_usn | https://usn.ubuntu.com/usn-db/database-all.json.bz2 |ubuntu packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|github | https://api.github.com/graphql |maven, .NET, php-composer, pypi packages. ruby gems |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|msr2019 | https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv |maven packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|apache_httpd | https://httpd.apache.org/security/vulnerabilities-httpd.xml |apache-httpd |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|kaybee | https://github.com/SAP/project-kb.git |maven packages |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|nginx | http://nginx.org/en/security_advisories.html |nginx |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
|postgresql | https://www.postgresql.org/support/security/ |postgresql |
+----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
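
Review bot: The suse_backports and nginx rows list plain http:// URLs (http://ftp.suse.com/pub/projects/security/yaml/ and http://nginx.org/en/security_advisories.html) while every other source is https or an API endpoint. Advisory data fetched over unencrypted HTTP can be modified in transit, so if these hosts serve HTTPS the table (and the importers) should use it, and if they do not, that is worth stating in the table. Formatting points in the same table: the header row is closed with a `-` border rather than `=`, so reStructuredText will render "Importer Name / Data Source / Ecosystems Covered" as an ordinary body row; "Importer Name:" has a stray colon; the github row reads "pypi packages. ruby gems" with a period where a comma is meant; and "none" for nvd would be clearer with a short explanation of why no ecosystem applies.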