{"id":45182667,"url":"https://github.com/vulnlog/vulnlog","last_synced_at":"2026-02-20T10:01:55.046Z","repository":{"id":278932232,"uuid":"785709551","full_name":"vulnlog/vulnlog","owner":"vulnlog","description":"Software Vulnerability Tracking for Development Teams","archived":false,"fork":false,"pushed_at":"2025-10-12T12:05:49.000Z","size":1829,"stargazers_count":4,"open_issues_count":11,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-10-17T06:58:05.667Z","etag":null,"topics":["application-security","devsecops","dsl","sca","security-automation","software-security","suppressions","vulnerabilities","vulnerability-analysis","vulnerability-reports","vulnerability-suppressions"],"latest_commit_sha":null,"homepage":"https://vulnlog.dev","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vulnlog.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"ryru"}},"created_at":"2024-04-12T13:07:46.000Z","updated_at":"2025-10-12T12:05:50.000Z","dependencies_parsed_at":"2025-03-29T08:21:28.829Z","dependency_job_id":"eddf2812-bcdb-4db3-8e0b-bc4052949c4a","html_url":"https://github.com/vulnlog/vulnlog","commit_stats":null,"previous_names":["vulnlog/vulnlog"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/vulnlog/vulnlog","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog","tags_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vulnlog","download_url":"https://codeload.github.com/vulnlog/vulnlog/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29647768,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-20T09:27:29.698Z","status":"ssl_error","status_checked_at":"2026-02-20T09:26:12.373Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-security","devsecops","dsl","sca","security-automation","software-security","suppressions","vulnerabilities","vulnerability-analysis","vulnerability-reports","vulnerability-suppressions"],"created_at":"2026-02-20T10:01:54.218Z","updated_at":"2026-02-20T10:01:55.038Z","avatar_url":"https://github.com/vulnlog.png","language":"Kotlin","readme":"[![Vulnlog](https://vulnlog.dev/logo/banner-1500x500-light-grey.png)](https://github.com/vulnlog/vulnlog)\n\n:star: Please star us on 
[GitHub](https://github.com/vulnlog/vulnlog) to promote the project!\n\n[![GitHub release](https://img.shields.io/github/v/release/vulnlog/vulnlog?color=%23f405c5)](https://github.com/vulnlog/vulnlog/releases)\n[![Continuous Integration](https://github.com/vulnlog/vulnlog/actions/workflows/ci.yaml/badge.svg)](https://github.com/vulnlog/vulnlog/actions/workflows/ci.yaml)\n\nVulnlog is a tool that enables you to track, organise and communicate reported software vulnerabilities all in one\nplace.\n\nIt consists of a domain-specific language (DSL) for documenting software vulnerability analysis within your source code\nrepository, as well as a command-line interface (CLI) application for generating HTML reports and suppression files (in\nthe upcoming release). Vulnlog is designed to be used in your CI pipeline to automate the generation of HTML reports and\nsuppression files.\n\n**Caution: The project is still in early development; the DSL, CLI commands, the Gradle plugin and the HTML report are\nsubject to change.** Any feedback on the tool is much appreciated!\n\n## Features\n\n- A simple DSL for documenting reported software vulnerabilities in one place.\n- Supports multiple parallel release branches.\n- Automated generation of HTML vulnerability reports to communicate your analysis and promote transparency.\n- Automated generation of suppression files for software component analysis (SCA) scanners in the upcoming release.\n- A Gradle plugin to easily integrate Vulnlog into existing workflows.\n- A CLI tool for use locally or within your CI pipeline.\n\n## Quick Start\n\nThe easiest way is to use the [Gradle Vulnlog plugin](https://plugins.gradle.org/plugin/dev.vulnlog.dslplugin). 
Add the\nVulnlog DSL plugin to your `build.gradle.kts` file:\n\n```kotlin\nplugins {\n    id(\"java\")\n    id(\"dev.vulnlog.dslplugin\") version \"$version\"\n}\n```\n\nCheck that the Gradle plugin is correctly applied by running the `showCliVersion` task:\n\n```\n./gradlew showCliVersion\nVulnlog $version\n```\n\n## Generate your first Report\n\nCreate a Vulnlog definitions file containing the release definitions and a vulnerability reporter for your project.\nAn example file is `definitions.vl.kts`:\n\n```kotlin\nreleases {\n    branch(\"branch 1\") {\n        release(\"0.1.0\", \"2025-01-01\")\n        release(\"0.1.1\", \"2025-01-23\")\n        release(\"0.2.0\")\n    }\n    branch(\"branch 2\") {\n        release(\"2.0.0\", \"2025-02-01\")\n        release(\"2.1.0\")\n    }\n}\n\nreporters {\n    reporter(\"demo reporter\")\n}\n```\n\nThis defines two release branches, `branch1` and `branch2`, which contain multiple releases. A release without a\npublication date is still in development. Also, a reporter, `demoReporter`, is defined.\n\nThe next step is to create a Vulnlog project file containing your vulnerability analysis. For this demo example, the\nfile used is `demo.vl.kts`:\n\n```kotlin\nval branch1 by ReleaseBranchProvider\nval branch2 by ReleaseBranchProvider\n\nval demoReporter by ReporterProvider\n\nvuln(\"CVE-1337-42\") {\n    report from demoReporter at \"2025-01-28\" on branch1..branch2\n    analysis analysedAt \"2025-01-30\" verdict notAffected because \"\"\"\n        This is just a demo entry for demonstration purpose.\n    \"\"\".trimIndent()\n    task update \"vulnerable.dependency\" atLeastTo \"1.2.3\" on all\n    execution suppress untilNextPublication on all\n}\n```\n\nThe first two lines introduce the two release branches. The third line introduces the reporter. 
_CVE-1337-42_ has been\ncreated for demonstration purposes.\n\n- `report` describes which reporter found this CVE, when you became aware of it and on which release branches the CVE\n  was found.\n- `analysis` describes when the report was analysed and the verdict assigned, along with the reasoning behind it.\n- `task` describes the actions needed to resolve this issue, which is usually a dependency update.\n- `execution` describes what should be done with the report until it is fixed.\n\nGenerate one report per release branch: `vl definitions.vl.kts report --output ./`. This should produce\n`./report-branch1.html` and `./report-branch2.html`.\n\n## Documentation and more Information\n\nFor more information, check out the [project website](https://vulnlog.dev/), the release change logs\nin [CHANGELOG.md](CHANGELOG.md), the DSL troubleshooting guide in [TROUBLESHOOTING.md](TROUBLESHOOTING.md) and\nthe [DSL API documentation](https://vulnlog.dev/dslapi/latest/).\n\nTo see Vulnlog in action, check out this [demo project](https://github.com/vulnlog/demo).\n\n- [Getting Started](https://vulnlog.dev/getting-started/)\n- [DSL Reference](https://vulnlog.dev/documentation/)\n\n## Contributors\n\nThanks go to these wonderful people ✨\n\n\u003ca href=\"https://github.com/vulnlog/vulnlog/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=vulnlog/vulnlog\"  alt=\"List of all contributors.\"/\u003e\n\u003c/a\u003e\n\nMade with [contrib.rocks](https://contrib.rocks).\n\n## Socials\n\n[![Bluesky followers](https://img.shields.io/bluesky/followers/vulnlog.bsky.social?style=flat\u0026logo=bluesky\u0026labelColor=white\u0026color=blue)](https://bsky.app/profile/vulnlog.bsky.social)\n[![Mastodon followers](https://img.shields.io/mastodon/follow/114149693629631038?domain=infosec.exchange\u0026style=flat\u0026logo=mastodon\u0026labelColor=white\u0026color=blue)](https://infosec.exchange/@vulnlog)\n\n## License\n\nVulnlog is licensed under the 
[GPL-3.0 License](LICENSE).\n","funding_links":["https://github.com/sponsors/ryru"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvulnlog%2Fvulnlog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvulnlog%2Fvulnlog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvulnlog%2Fvulnlog/lists"}