diff --git a/scout/advisory-db-sources.md b/scout/advisory-db-sources.md index c461aff5b1..e1108b231c 100644 --- a/scout/advisory-db-sources.md +++ b/scout/advisory-db-sources.md @@ -1,6 +1,6 @@ --- description: More details on the Docker Scout Advisory Database and CVE-to-package matching service. -keywords: scanning, vulnerabilities, Hub, supply chain, security +keywords: scanning, analysis, vulnerabilities, Hub, supply chain, security title: Advisory Database sources and matching service --- @@ -46,21 +46,6 @@ trackers, such as: - [Ubuntu CVE Tracker](https://people.canonical.com/~ubuntu-security/cve/) - [Wolfi Security Feed](https://packages.wolfi.dev/os/security.json) -And the following package ecosystems: - -- .NET -- GitHub packages -- Go -- Java -- JavaScript -- PHP -- Python -- RPM -- Ruby -- `alpm` (Arch Linux) -- `apk` (Alpine Linux) -- `deb` (Debian Linux and derivatives) - Docker Scout correlates this data by making a full inventory of a container image and storing that inventory in a [software bill of materials (SBOM)](https://ntia.gov/sites/default/files/publications/sbom_at_a_glance_apr2021_0.pdf). @@ -76,7 +61,7 @@ images that Docker Scout can then match to CVEs. Find more details on how this works in the [Advanced image analysis document](http://./advanced-image-analysis.md). -Docker Scout is ideal for scanning images in Docker Desktop and Docker Hub, but +Docker Scout is ideal for analyzing images in Docker Desktop and Docker Hub, but the flexibility of the approach also means it can integrate with other image sources, for example, [JFrog Artifactory](https://docs.docker.com/scout/artifactory/). 
@@ -117,3 +102,20 @@ system versions to make more precise matches. In summary, Docker Scout’s technique improves matching accuracy and reduces the number of results that turn out to be false-positives. + +## Package ecosystems supported by the Docker Scout Advisory Database + +By sourcing vulnerability data from the providers above, Docker Scout is able to support analyzing the following package ecosystems: + +- .NET +- GitHub packages +- Go +- Java +- JavaScript +- PHP +- Python +- RPM +- Ruby +- `alpm` (Arch Linux) +- `apk` (Alpine Linux) +- `deb` (Debian Linux and derivatives)
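Review bot: In the hunk at `@@ -76,7 +61,7 @@`, the context line just above the changed sentence shows the link target as `http://./advanced-image-analysis.md`, which is not a valid relative link. If the file really contains that target, change it to `./advanced-image-analysis.md` while this paragraph is being edited. The scanning to analyzing wording change itself is consistent with the new `analysis` keyword in the front matter.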
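Review bot: In the hunk at `@@ -117,3 +102,20 @@`, the new section's intro sentence refers to "the providers above", but the section now sits at the end of the file, after the matching-service summary, while the source list it refers to is back near line 46. Name or link the sources section rather than relying on "above", so the sentence still reads correctly if the heading is reached directly from an anchor link. The same sentence is added as one long unwrapped line although the surrounding prose is hard-wrapped, and "is able to support analyzing" can be shortened to "supports analyzing". In the list that was moved, `alpm`, `apk` and `deb` are code-formatted but RPM is not; this is a good moment to make the formatting consistent.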