{"id":46592981,"url":"https://github.com/gardenlinux/package-glvd","last_synced_at":"2026-03-07T14:02:02.309Z","repository":{"id":256935202,"uuid":"856870053","full_name":"gardenlinux/package-glvd","owner":"gardenlinux","description":"Client program to query the glvd api, intended to be run on Garden Linux nodes","archived":false,"fork":false,"pushed_at":"2026-02-04T16:44:28.000Z","size":71,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-02-05T00:45:56.816Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gardenlinux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-09-13T11:12:54.000Z","updated_at":"2026-02-04T13:14:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"e6134695-bdfc-42f4-ad94-06ea08a26230","html_url":"https://github.com/gardenlinux/package-glvd","commit_stats":null,"previous_names":["gardenlinux/glvd-client","gardenlinux/package-glvd"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/gardenlinux/package-glvd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardenlinux%2Fpackage-glvd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardenlinux%2Fpackage-glvd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardenlinux%2Fpackage-glvd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardenlinux%2Fpackage-glvd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gardenlinux","download_url":"https://codeload.github.com/gardenlinux/package-glvd/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardenlinux%2Fpackage-glvd/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30216492,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T13:35:13.914Z","status":"ssl_error","status_checked_at":"2026-03-07T13:35:13.569Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-07T14:02:01.649Z","updated_at":"2026-03-07T14:02:02.304Z","avatar_url":"https://github.com/gardenlinux.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# package-glvd\n\n`package-glvd` is a command-line tool for querying the [Garden Linux Vulnerability Database (GLVD)](https://security.gardenlinux.org/) API. It helps you identify CVEs affecting installed packages on Garden Linux nodes or container images.\n\nYou can install `package-glvd` in Garden Linux images by enabling the `glvd` feature at build time, or at runtime via `apt` (the package name is `glvd`).\n\nWhile primarily designed for use on Garden Linux nodes, `package-glvd` also supports a developer mode for local development and testing.\n\n## Features\n\n- Check for CVEs affecting installed packages.\n- Query CVEs for a custom list of packages (\"what-if\" analysis).\n- Print an executive summary of potential security issues.\n- Supports both human-readable and JSON output.\n\n## Usage\n\n```sh\nglvd [command] [args]\n```\n\n### Commands\n\n- `check`  \n  Query CVEs for all installed source packages.\n\n- `what-if \u003cpkg1\u003e \u003cpkg2\u003e ...`  \n  Query CVEs for a custom list of source packages.\n\n- `executive-summary`  \n  Print a summary of the number of potential security issues.\n\n### Options\n\n- Set `GLVD_CLIENT_JSON_OUTPUT=true` to get JSON output.\n- Set `GLVD_CLIENT_DEV_MODE=true` to run using test data from `test-data/`.\n\n### Examples\n\nCheck for CVEs affecting installed packages:\n\n```sh\nglvd check\n```\n\nCheck for CVEs affecting specific packages:\n\n```sh\nglvd what-if vim bash coreutils\n```\n\nPrint an executive summary:\n\n```sh\nglvd executive-summary\n```\n\nGet JSON output:\n\n```sh\nGLVD_CLIENT_JSON_OUTPUT=true glvd check\n```\n\n## Development\n\nTo run locally with test data:\n\n```sh\nGLVD_CLIENT_DEV_MODE=true go run .\n```\n\n### Configuring the API Base URL\n\nBy default, `package-glvd` uses `https://security.gardenlinux.org` as the API endpoint.  \nYou can override this by setting the `GLVD_API_BASE_URL` environment variable:\n\n```sh\nexport GLVD_API_BASE_URL=\"http://localhost:8080\"\nglvd check\n```\n\n## Building\n\nThis project provides a `Makefile` for common development tasks.\n\n### Format the code\n\n```sh\nmake fmt\n```\n\n### Build the binary for your current platform\n\n```sh\nmake build\n```\n\nThe output will be a binary named `glvd`.\n\n### Build Linux binaries for amd64 and arm64\n\n```sh\nmake build-linux\n```\n\nThis will produce:\n- `glvd-linux-amd64`\n- `glvd-linux-arm64`\n\n### Clean build artifacts\n\n```sh\nmake clean\n```\n\n## Release a new version of the client\n\nTo release a new version of the client:\n\n1. Edit the `debian/changelog` file and add a new version entry, following the format of previous entries.\n2. Commit your changes and push them to the `main` branch.\n\nThis will trigger the pipeline to build and publish the new version automatically.\n\nFor reference, see [this example commit](https://github.com/gardenlinux/package-glvd/commit/10209351ca301cdb091ed9fc40dff9a59e7345e3).\n\n## License\n\nMIT License. See [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgardenlinux%2Fpackage-glvd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgardenlinux%2Fpackage-glvd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgardenlinux%2Fpackage-glvd/lists"}