Skip to content

sschubertchainguard/advisories

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

advisories

Security advisory data for the Wolfi distribution.

Introduction

This repository is where we store Wolfi's security advisory data. Each Wolfi package is represented with a <package-name>.advisories.yaml file, if there are any advisories recorded for the given package.

The purpose of the advisory data is to record all investigated package vulnerabilities and indicate the latest understanding of whether or not the package is affected by the vulnerability.

Interpreting the data

Each package advisories file in this repository has a list of one or more advisories. Each advisory is named by an ID (e.g. "CVE-2023-12345") and contains a list of timestamped events that describe the investigation of a vulnerability's impact on the given package.

Event Types

For a detailed look at the current event types, see the Event Types document.

Using the data

The best way to interact with the data in this repo is to use wolfictl. Run wolfictl advisory -h to see a list of commands designed to interact with this dataset.

For example, to see advisories for every package in Wolfi:

$ wolfictl advisory list
apko: CVE-2023-28840: fixed (0.7.3-r1)
apko: CVE-2023-28841: fixed (0.7.3-r1)
apko: CVE-2023-28842: fixed (0.7.3-r1)
bind: CVE-2018-5736: fixed (9.18.10-r0)
(and so on...)

About

Security advisory data for Wolfi

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%