mirror of https://github.com/docker/docs.git
Move package ecosystem section
Signed-off-by: Chris Chinchilla <chris.ward@docker.com>
parent
f9c3403c07
commit
3cbe3f2139
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
description: More details on the Docker Scout Advisory Database and CVE-to-package matching service.
|
||||
keywords: scanning, vulnerabilities, Hub, supply chain, security
|
||||
keywords: scanning, analysis, vulnerabilities, Hub, supply chain, security
|
||||
title: Advisory Database sources and matching service
|
||||
---
|
||||
|
||||
|
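Review bot: the new `keywords` line adds `analysis` but keeps `scanning`, while the body text later in this patch changes "ideal for scanning images" to "ideal for analyzing images". If the page is standardizing on "analysis", state whether `scanning` is kept on purpose for search discoverability. The commit subject "Move package ecosystem section" does not mention this front-matter change either, so note it in the message or split it out.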
@ -46,21 +46,6 @@ trackers, such as:
|
|||
- [Ubuntu CVE Tracker](https://people.canonical.com/~ubuntu-security/cve/)
|
||||
- [Wolfi Security Feed](https://packages.wolfi.dev/os/security.json)
|
||||
|
||||
And the following package ecosystems:
|
||||
|
||||
- .NET
|
||||
- GitHub packages
|
||||
- Go
|
||||
- Java
|
||||
- JavaScript
|
||||
- PHP
|
||||
- Python
|
||||
- RPM
|
||||
- Ruby
|
||||
- `alpm` (Arch Linux)
|
||||
- `apk` (Alpine Linux)
|
||||
- `deb` (Debian Linux and derivatives)
|
||||
|
||||
Docker Scout correlates this data by making a full inventory of a container
|
||||
image and storing that inventory in a [software bill of materials
|
||||
(SBOM)](https://ntia.gov/sites/default/files/publications/sbom_at_a_glance_apr2021_0.pdf).
|
||||
|
@ -76,7 +61,7 @@ images that Docker Scout can then match to CVEs. Find more details on how this
|
|||
works in the [Advanced image analysis
|
||||
document](http://./advanced-image-analysis.md).
|
||||
|
||||
Docker Scout is ideal for scanning images in Docker Desktop and Docker Hub, but
|
||||
Docker Scout is ideal for analyzing images in Docker Desktop and Docker Hub, but
|
||||
the flexibility of the approach also means it can integrate with other image
|
||||
sources, for example, [JFrog
|
||||
Artifactory](https://docs.docker.com/scout/artifactory/).
|
||||
|
@ -117,3 +102,20 @@ system versions to make more precise matches.
|
|||
|
||||
In summary, Docker Scout’s technique improves matching accuracy and reduces the
|
||||
number of results that turn out to be false-positives.
|
||||
|
||||
## Package ecosystems supported by the Docker Scout Advisory Database
|
||||
|
||||
By sourcing vulnerability data from the providers above, Docker Scout is able to support analyzing the following package ecosystems:
|
||||
|
||||
- .NET
|
||||
- GitHub packages
|
||||
- Go
|
||||
- Java
|
||||
- JavaScript
|
||||
- PHP
|
||||
- Python
|
||||
- RPM
|
||||
- Ruby
|
||||
- `alpm` (Arch Linux)
|
||||
- `apk` (Alpine Linux)
|
||||
- `deb` (Debian Linux and derivatives)
|
||||
|
|
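Review bot: the added sentence under the new heading refers to "the providers above", but after the move this section sits at the end of the file, far from the tracker list near line 46; link to or name that list so the reference survives further reordering. The sentence is also one unwrapped line where the surrounding paragraphs wrap at about 80 columns. In the list, `RPM` is plain text while `alpm`, `apk` and `deb` use code formatting; the move is a good point to make that consistent.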