{"id":24649778,"url":"https://github.com/archlinux/arch-security-tracker","last_synced_at":"2025-06-28T06:06:38.330Z","repository":{"id":41513070,"uuid":"66388960","full_name":"archlinux/arch-security-tracker","owner":"archlinux","description":"Arch Linux Security Tracker","archived":false,"fork":false,"pushed_at":"2024-05-30T14:08:54.000Z","size":724,"stargazers_count":125,"open_issues_count":43,"forks_count":40,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-01-25T17:27:00.248Z","etag":null,"topics":["advisory","archlinux","audit","cve","security","tracker","website"],"latest_commit_sha":null,"homepage":"https://security.archlinux.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/archlinux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-08-23T17:36:35.000Z","updated_at":"2024-12-18T16:59:59.000Z","dependencies_parsed_at":"2024-03-25T11:52:27.520Z","dependency_job_id":"89eacfd4-519d-43ca-b32b-83cd1df2b321","html_url":"https://github.com/archlinux/arch-security-tracker","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/archlinux/arch-security-tracker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farch-security-tracker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farch-security-tracker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farch-security-tracker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farch-security-tracker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/archlinux","download_url":"https://codeload.github.com/archlinux/arch-security-tracker/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farch-security-tracker/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262382744,"owners_count":23302298,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["advisory","archlinux","audit","cve","security","tracker","website"],"created_at":"2025-01-25T17:22:30.844Z","updated_at":"2025-06-28T06:06:38.307Z","avatar_url":"https://github.com/archlinux.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Arch Linux Security Tracker [![Build Status](https://travis-ci.com/archlinux/arch-security-tracker.svg?branch=master)](https://travis-ci.com/archlinux/arch-security-tracker)\n\nThe **Arch Linux Security Tracker** is a lightweight flask based panel\nfor tracking vulnerabilities in Arch Linux packages, displaying\nvulnerability details and generating security advisories.\n\n## Features\n\n* Issue tracking\n* Issue grouping\n* libalpm support\n* Todo lists\n* Advisory scheduling\n* Advisory generation\n* SSO or local users\n\n## Dependencies\n\n### Application\n\n* python \u003e= 3.4\n* python-sqlalchemy\n* python-sqlalchemy-continuum\n* python-flask\n* python-flask-sqlalchemy\n* python-flask-talisman\n* python-flask-wtf\n* python-flask-login\n* python-flask-migrate\n* python-authlib\n* python-email-validator\n* python-requests\n* python-scrypt\n* python-feedgen\n* python-pytz\n* python-markupsafe\n* pyalpm\n* sqlite\n\n### Tests\n\n* python-isort\n* python-pytest\n* python-pytest-cov\n\n### Virtualenv\n\nPython dependencies can be installed in a virtual environment (`venv`), by running:\n\n```\npython -m venv .virtualenv\n. .virtualenv/bin/activate\npip install -r requirements.txt\n```\n\nFor running tests:\n```\npip install -r test-requirements.txt\n```\n\n## Setup\n\n```\nmake\n```\n\nrun debug mode:\n\n```\nmake run\n```\n\nadding a new user:\n\n```\nmake user\n```\n\nrun tests:\n\n```\nmake test\n```\n\nFor production run it through ```uwsgi```\n\n## Command line interface\n\nThe ```trackerctl``` script provides access to the command line interface\nthat controls and operates different parts of the tracker. All commands\nand subcommands provide a ```--help``` option that describes the operation\nand all its available options.\n\n## Configuration\n\nThe configurations are all placed into the ```config``` directory and\napplied as a sorted cascade.\n\nThe default values in the ```00-default.conf``` file should not be\naltered for customization. If some tweaking is required, simply create\na new configuration file with a ```.local.conf``` suffix and some non\nzero prefix like ```20-user.local.conf```. Files using this suffix are\non the ```.gitignore``` and not handled as untracked or dirty.\n\n## SSO setup\n\nA simple test environment for SSO can be configured using Keycloak:\n\n1. Run a local Keycloak installation via docker as [described\n   upstream](https://www.keycloak.org/getting-started/getting-started-docker).\n\n2. Create an ```arch-security-tracker``` client in Keycloak like in\n   [test/data/openid-client.json](test/data/openid-client.json).\n   Make sure the client contains a mapper for the group memberships called\n   ```groups``` which is included as a claim.\n\n3. Create a local tracker config file with enabled SSO and configure OIDC\n   secrets, groups and metadata url accordingly.\n\n## Contribution\n\nHelp is appreciated, for some guidelines and recommendations check our\n[Contribution](CONTRIBUTING.md) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farchlinux%2Farch-security-tracker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farchlinux%2Farch-security-tracker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farchlinux%2Farch-security-tracker/lists"}