{"id":13993853,"url":"https://github.com/anchore/vunnel","last_synced_at":"2026-02-14T02:05:03.426Z","repository":{"id":148384585,"uuid":"572686764","full_name":"anchore/vunnel","owner":"anchore","description":"Tool for collecting vulnerability data from various sources (used to build the grype database)","archived":false,"fork":false,"pushed_at":"2026-01-28T23:34:57.000Z","size":4494,"stargazers_count":110,"open_issues_count":51,"forks_count":49,"subscribers_count":14,"default_branch":"main","last_synced_at":"2026-01-29T08:59:04.307Z","etag":null,"topics":["data","grype","hacktoberfest","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anchore.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-11-30T20:13:52.000Z","updated_at":"2026-01-28T23:33:44.000Z","dependencies_parsed_at":"2023-10-17T01:17:53.658Z","dependency_job_id":"4d69037f-7dbc-4ef4-9e6f-d428f2d3cf6f","html_url":"https://github.com/anchore/vunnel","commit_stats":null,"previous_names":[],"tags_count":103,"template":false,"template_full_name":null,"purl":"pkg:github/anchore/vunnel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fvunnel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fvunnel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fvunnel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fvunnel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anchore","download_url":"https://codeload.github.com/anchore/vunnel/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fvunnel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29054058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T15:43:47.601Z","status":"ssl_error","status_checked_at":"2026-02-03T15:43:46.709Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["data","grype","hacktoberfest","vulnerability"],"created_at":"2024-08-09T14:02:35.554Z","updated_at":"2026-02-03T19:04:09.190Z","avatar_url":"https://github.com/anchore.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# vunnel\n\n**A tool for fetching, transforming, and storing vulnerability data from a variety of sources.**\n\n[![GitHub release](https://img.shields.io/github/release/anchore/vunnel.svg)](https://github.com/anchore/vunnel/releases/latest)\n[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/anchore/vunnel/blob/main/LICENSE)\n[![Join our Discourse](https://img.shields.io/badge/Discourse-Join-blue?logo=discourse)](https://anchore.com/discourse)\n\n![vunnel-demo](https://user-images.githubusercontent.com/590471/226942827-e19742ef-e66e-4e11-8f9b-fb74c40f1dee.gif)\n\nSupported data sources:\n- Alpine (https://secdb.alpinelinux.org)\n- Amazon (https://alas.aws.amazon.com/AL2/alas.rss \u0026 https://alas.aws.amazon.com/AL2022/alas.rss)\n- Azure (https://github.com/microsoft/AzureLinuxVulnerabilityData)\n- Debian (https://security-tracker.debian.org/tracker/data/json \u0026 https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/DSA/list)\n- Echo (https://advisory.echohq.com/data.json)\n- GitHub Security Advisories (https://api.github.com/graphql)\n- NVD (https://services.nvd.nist.gov/rest/json/cves/2.0)\n- Oracle (https://linux.oracle.com/security/oval)\n- RedHat (https://www.redhat.com/security/data/oval)\n- SLES (https://ftp.suse.com/pub/projects/security/oval)\n- Ubuntu (https://launchpad.net/ubuntu-cve-tracker)\n- Wolfi (https://packages.wolfi.dev)\n\n\n## Prerequisites\n\nThe following system tools must be available on your PATH:\n- **git** - Required by some providers that fetch data from git repositories\n\n## Installation\n\nWith pip:\n\n```bash\npip install vunnel\n```\n\nWith docker:\n\n```bash\ndocker run \\\n  --rm -it \\\n  -v $(pwd)/data:/data \\\n  -v $(pwd)/.vunnel.yaml:/.vunnel.yaml \\\n    ghcr.io/anchore/vunnel:latest  \\\n      run nvd\n```\nWhere:\n  - the `data` volume keeps the processed data on the host\n  - the `.vunnel.yaml` uses the host application config (if present)\n  - you can swap `latest` for a specific version (same as the git tags)\n\nSee [the vunnel package](https://github.com/anchore/vunnel/pkgs/container/vunnel) for a full listing of available tags.\n\n\n## Getting Started\n\nList the available vulnerability data providers:\n\n```\n$ vunnel list\n\nalpine\namazon\nchainguard\ndebian\necho\ngithub\nmariner\nminimos\nnvd\noracle\nrhel\nsles\nubuntu\nwolfi\n```\n\nDownload and process a provider:\n\n```\n$ vunnel run wolfi\n\n2023-01-04 13:42:58 root [INFO] running wolfi provider\n2023-01-04 13:42:58 wolfi [INFO] downloading Wolfi secdb https://packages.wolfi.dev/os/security.json\n2023-01-04 13:42:59 wolfi [INFO] wrote 56 entries\n2023-01-04 13:42:59 wolfi [INFO] recording workspace state\n```\n\nYou will see the processed vulnerability data in the local `./data` directory\n\n```\n$ tree data\n\ndata\n└── wolfi\n    ├── checksums\n    ├── metadata.json\n    ├── input\n    │   └── secdb\n    │       └── os\n    │           └── security.json\n    └── results\n        └── wolfi:rolling\n            ├── CVE-2016-2781.json\n            ├── CVE-2017-8806.json\n            ├── CVE-2018-1000156.json\n            └── ...\n```\n\n*Note: to get more verbose output, use `-v`, `-vv`, or `-vvv` (e.g. `vunnel -vv run wolfi`)*\n\nDelete existing input and result data for one or more providers:\n\n```\n$ vunnel clear wolfi\n\n2023-01-04 13:48:31 root [INFO] clearing wolfi provider state\n```\n\nExample config file for changing application behavior:\n\n```yaml\n# .vunnel.yaml\nroot: ./processed-data\n\nlog:\n  level: trace\n\nproviders:\n  wolfi:\n    request_timeout: 125\n    runtime:\n      existing_input: keep\n      existing_results: delete-before-write\n      on_error:\n        action: fail\n        input: keep\n        results: keep\n        retry_count: 3\n        retry_delay: 10\n\n```\n\nUse `vunnel config` to get a better idea of all of the possible configuration options.\n\n\n## FAQ\n\n\n### Can I implement a new provider?\n\nYes you can! See [the provider docs](https://github.com/anchore/vunnel/blob/main/DEVELOPING.md#adding-a-new-provider) for more information.\n\n\n### Why is it called \"vunnel\"?\n\nThis tool \"funnels\" vulnerability data into a single spot for easy processing... say \"vulnerability data funnel\" 100x fast enough and eventually it'll slur to \"vunnel\" :).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanchore%2Fvunnel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanchore%2Fvunnel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanchore%2Fvunnel/lists"}