From c5e643b9add480205d190c77b063a4d50451182e Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 19 Nov 2024 14:26:08 +0100 Subject: [PATCH 1/3] scout: add Photon OS to advisory list Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/manuals/scout/deep-dive/advisory-db-sources.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/manuals/scout/deep-dive/advisory-db-sources.md b/content/manuals/scout/deep-dive/advisory-db-sources.md index feb50a30e0..5debeaf95e 100644 --- a/content/manuals/scout/deep-dive/advisory-db-sources.md +++ b/content/manuals/scout/deep-dive/advisory-db-sources.md @@ -39,6 +39,7 @@ Docker Scout uses the following package repositories and security trackers: exploitation](https://github.com/gmatuz/inthewilddb) - [National Vulnerability Database](https://nvd.nist.gov/) - [Oracle Linux Security](https://linux.oracle.com/security/) +- [Photon OS 3.0 Security Advisories](https://github.com/vmware/photon/wiki/Security-Updates-3) - [Python Packaging Advisory Database](https://github.com/pypa/advisory-database) - [RedHat Security Data](https://www.redhat.com/security/data/metrics/) From b5c8b76503703584c10e3adf88b124a868f3ed78 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 19 Nov 2024 14:27:03 +0100 Subject: [PATCH 2/3] chore: format and sort scout advisory list Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- .../scout/deep-dive/advisory-db-sources.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/content/manuals/scout/deep-dive/advisory-db-sources.md b/content/manuals/scout/deep-dive/advisory-db-sources.md index 5debeaf95e..d023e6de64 100644 --- a/content/manuals/scout/deep-dive/advisory-db-sources.md +++ b/content/manuals/scout/deep-dive/advisory-db-sources.md 
@@ -22,33 +22,29 @@ is represented using the latest available information, in real-time. Docker Scout uses the following package repositories and security trackers: -- [Alpine secdb](https://secdb.alpinelinux.org/) - [AlmaLinux Security Advisory](https://errata.almalinux.org/) +- [Alpine secdb](https://secdb.alpinelinux.org/) - [Amazon Linux Security Center](https://alas.aws.amazon.com/) - [Bitnami Vulnerability Database](https://github.com/bitnami/vulndb) -- [CISA Known Exploited Vulnerability - Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) +- [CISA Known Exploited Vulnerability Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) - [CISA Vulnrichment](https://github.com/cisagov/vulnrichment) +- [Chainguard Security Feed](https://packages.cgr.dev/chainguard/osv/all.json) - [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/) - [Exploit Prediction Scoring System (EPSS)](https://api.first.org/epss/) - [GitHub Advisory Database](https://github.com/advisories/) -- [GitLab Advisory - Database](https://gitlab.com/gitlab-org/advisories-community/) +- [GitLab Advisory Database](https://gitlab.com/gitlab-org/advisories-community/) - [Golang VulnDB](https://github.com/golang/vulndb) -- [inTheWild, a community-driven open database of vulnerability - exploitation](https://github.com/gmatuz/inthewilddb) - [National Vulnerability Database](https://nvd.nist.gov/) - [Oracle Linux Security](https://linux.oracle.com/security/) - [Photon OS 3.0 Security Advisories](https://github.com/vmware/photon/wiki/Security-Updates-3) -- [Python Packaging Advisory - Database](https://github.com/pypa/advisory-database) +- [Python Packaging Advisory Database](https://github.com/pypa/advisory-database) - [RedHat Security Data](https://www.redhat.com/security/data/metrics/) - [Rocky Linux Security Advisory](https://errata.rockylinux.org/) - [RustSec Advisory Database](https://github.com/rustsec/advisory-db) - [SUSE Security 
CVRF](http://ftp.suse.com/pub/projects/security/cvrf/) - [Ubuntu CVE Tracker](https://people.canonical.com/~ubuntu-security/cve/) - [Wolfi Security Feed](https://packages.wolfi.dev/os/security.json) -- [Chainguard Security Feed](https://packages.cgr.dev/chainguard/osv/all.json) +- [inTheWild, a community-driven open database of vulnerability exploitation](https://github.com/gmatuz/inthewilddb) When you enable Docker Scout for your Docker organization, a new database instance is provisioned on the Docker Scout platform. From e1090e538052380af901408ff84d0049949537c4 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 19 Nov 2024 14:29:48 +0100 Subject: [PATCH 3/3] chore: disable vale checks for advisory list Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/manuals/scout/deep-dive/advisory-db-sources.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/manuals/scout/deep-dive/advisory-db-sources.md b/content/manuals/scout/deep-dive/advisory-db-sources.md index d023e6de64..ee85f2039f 100644 --- a/content/manuals/scout/deep-dive/advisory-db-sources.md +++ b/content/manuals/scout/deep-dive/advisory-db-sources.md @@ -22,6 +22,8 @@ is represented using the latest available information, in real-time. Docker Scout uses the following package repositories and security trackers: + + - [AlmaLinux Security Advisory](https://errata.almalinux.org/) - [Alpine secdb](https://secdb.alpinelinux.org/) - [Amazon Linux Security Center](https://alas.aws.amazon.com/) 
@@ -46,6 +48,8 @@ Docker Scout uses the following package repositories and security trackers: - [Wolfi Security Feed](https://packages.wolfi.dev/os/security.json) - [inTheWild, a community-driven open database of vulnerability exploitation](https://github.com/gmatuz/inthewilddb) + + When you enable Docker Scout for your Docker organization, a new database instance is provisioned on the Docker Scout platform. The database stores the Software Bill of Materials (SBOM) and other metadata about your images.
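Review bot: in PATCH 1/3 (hunk `@@ -39,6 +39,7 @@`), the added entry `[Photon OS 3.0 Security Advisories](https://github.com/vmware/photon/wiki/Security-Updates-3)` names a single release, while the subject line says "add Photon OS to advisory list". If advisories for other Photon OS releases are also ingested, list each source page; if only 3.0 is covered, say so in the commit message so readers do not assume that images built on other releases are matched against advisories.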
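Review bot: in PATCH 2/3 (hunk `@@ -22,33 +22,29 @@`), the new order is byte-wise rather than alphabetical: `Chainguard Security Feed` is placed after both `CISA` entries, and `inTheWild` moves to the very end, after `Wolfi Security Feed`, because uppercase letters sort before lowercase ones. A case-insensitive sort would put Chainguard before the CISA entries and inTheWild between `Golang VulnDB` and `National Vulnerability Database`, which is where a reader scanning the list would look. Separately, the SUSE Security CVRF context line in this hunk still links over `http://`; if that host serves the same path over HTTPS, this formatting pass is a good place to switch it.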
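Review bot: in PATCH 3/3, first hunk (`@@ -22,6 +22,8 @@`), the two lines added between "Docker Scout uses the following package repositories and security trackers:" and the AlmaLinux entry show no content in this patch text, so the directive that switches vale off cannot be checked from here. Confirm it is present, and prefer disabling only the rule that fires on these proper nouns rather than every check, so the remaining checks keep running on entries added later.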
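Review bot: in PATCH 3/3, second hunk (`@@ -46,6 +48,8 @@`), the lines that switch the checks back on are added directly after the inTheWild entry, which is last only because of the ordering introduced in PATCH 2/3. An entry appended below them later would fall outside the exempted region, and the paragraph starting "When you enable Docker Scout for your Docker organization" relies on checks being restored at this point. A short comment beside the marker saying that new entries go above it would guard against both.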