{"id":45182667,"url":"https://github.com/vulnlog/vulnlog","last_synced_at":"2026-04-19T15:07:02.373Z","repository":{"id":278932232,"uuid":"785709551","full_name":"vulnlog/vulnlog","owner":"vulnlog","description":"Software Vulnerability Tracking for Development Teams","archived":false,"fork":false,"pushed_at":"2025-10-12T12:05:49.000Z","size":1829,"stargazers_count":4,"open_issues_count":11,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-10-17T06:58:05.667Z","etag":null,"topics":["application-security","devsecops","dsl","sca","security-automation","software-security","suppressions","vulnerabilities","vulnerability-analysis","vulnerability-reports","vulnerability-suppressions"],"latest_commit_sha":null,"homepage":"https://vulnlog.dev","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vulnlog.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"ryru"}},"created_at":"2024-04-12T13:07:46.000Z","updated_at":"2025-10-12T12:05:50.000Z","dependencies_parsed_at":"2025-03-29T08:21:28.829Z","dependency_job_id":"eddf2812-bcdb-4db3-8e0b-bc4052949c4a","html_url":"https://github.com/vulnlog/vulnlog","commit_stats":null,"previous_names":["vulnlog/vulnlog"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/vulnlog/vulnlog","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vulnlog","download_url":"https://codeload.github.com/vulnlog/vulnlog/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vulnlog%2Fvulnlog/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29647768,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-20T09:27:29.698Z","status":"ssl_error","status_checked_at":"2026-02-20T09:26:12.373Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-security","devsecops","dsl","sca","security-automation","software-security","suppressions","vulnerabilities","vulnerability-analysis","vulnerability-reports","vulnerability-suppressions"],"created_at":"2026-02-20T10:01:54.218Z","updated_at":"2026-04-19T15:07:02.365Z","avatar_url":"https://github.com/vulnlog.png","language":"Kotlin","funding_links":["https://github.com/sponsors/ryru"],"categories":[],"sub_categories":[],"readme":"[![Vulnlog](assets/banner-1500x500-light-grey.png)](https://github.com/vulnlog/vulnlog)\n\n[![GitHub release](https://img.shields.io/github/v/release/vulnlog/vulnlog?color=%23f405c5)](https://github.com/vulnlog/vulnlog/releases)\n[![Continuous Integration](https://github.com/vulnlog/vulnlog/actions/workflows/ci.yaml/badge.svg)](https://github.com/vulnlog/vulnlog/actions/workflows/ci.yaml)\n\nVulnlog is an open-source tool for tracking, documenting and communicating vulnerability analysis directly in your\nsource code repository. It uses a simple YAML format for recording your findings and a CLI for generating suppression\nfiles for common SCA scanners.\n\n\u003e **Note:** Vulnlog is in active development. The YAML format, CLI commands and Gradle plugin may still change.\n\u003e Feedback and contributions are very welcome!\n\n## Why Vulnlog?\n\nSCA scanners find vulnerabilities, but the analysis, triage and reasoning usually live in tickets, spreadsheets or\nsomeone's head. Vulnlog gives that context a home right next to your code:\n\n- **One place for your analysis** -- document verdicts, justifications and resolution plans in version-controlled YAML.\n- **Suppression file generation** -- feed your analysis back into scanners like Trivy, Snyk, Dependency-Check, Grype\n  and others so they stop flagging what you have already reviewed.\n- **Works with your workflow** -- use the CLI locally, in CI, or via the Gradle plugin.\n\n## Quick Start\n\n### Install the CLI\n\nDownload a native binary from the [latest release](https://github.com/vulnlog/vulnlog/releases), or pull the\nDocker image:\n\n```sh\ndocker pull ghcr.io/vulnlog/vulnlog:latest\n```\n\n### Scaffold a new Vulnlog file\n\n```sh\nvulnlog init --organization \"Acme Corp\" --name \"Acme Web App\" --author \"Security Team\" -o vulnlog.yaml\n```\n\nThis creates a minimal `vulnlog.yaml` you can start editing.\n\n### Write your first entry\n\nA Vulnlog file is plain YAML. Here is a minimal example:\n\n```yaml\n# $schema: https://vulnlog.dev/schema/vulnlog-v1.json\n---\nschemaVersion: \"1\"\n\nproject:\n  organization: Acme Corp\n  name: Acme Web App\n  author: Security Team\n\nreleases:\n  - id: 1.0.0\n    published_at: 2026-01-15\n\nvulnerabilities:\n\n  - id: CVE-2026-1234\n    releases: [ 1.0.0 ]\n    description: Remote code execution in example-lib\n    packages: [ \"pkg:npm/example-lib@2.3.0\" ]\n    reports:\n      - reporter: trivy\n    analysis: \u003e\n      The vulnerable code path is not reachable in our application\n      because we only use the safe subset of the API.\n    verdict: not affected\n    justification: vulnerable code not in execute path\n```\n\n### Validate and generate suppression files\n\n```sh\n# Check the file for errors\nvulnlog validate vulnlog.yaml\n\n# Generate suppression files for all reporters\nvulnlog suppress vulnlog.yaml -o ./suppressions/\n\n# Or for a single reporter, written to stdout\nvulnlog suppress vulnlog.yaml --reporter trivy -o -\n```\n\n## Documentation\n\n- [Getting Started](https://vulnlog.dev/docs/vulnlog/0.11.0/quickstart.html)\n- [Project Website](https://vulnlog.dev/)\n- [Documentation](https://vulnlog.dev/docs/)\n- [Changelog](CHANGELOG.md)\n\n## Community\n\n[![Bluesky](https://img.shields.io/bluesky/followers/vulnlog.bsky.social?style=flat\u0026logo=bluesky\u0026labelColor=white\u0026color=blue)](https://bsky.app/profile/vulnlog.bsky.social)\n[![Mastodon](https://img.shields.io/mastodon/follow/114149693629631038?domain=infosec.exchange\u0026style=flat\u0026logo=mastodon\u0026labelColor=white\u0026color=blue)](https://infosec.exchange/@vulnlog)\n\n## Contributing\n\nContributions are welcome! Whether it is a bug report, a docs fix, or a new feature -- check out\n[CONTRIBUTING.md](CONTRIBUTING.md) to get started. If you are looking for something to pick up, look for issues\nlabelled **good first issue**.\n\n:star: If you find Vulnlog useful, giving it a star on GitHub helps others discover the project.\n\nThanks go to all contributors:\n\n\u003ca href=\"https://github.com/vulnlog/vulnlog/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=vulnlog/vulnlog\" alt=\"Contributors\" /\u003e\n\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvulnlog%2Fvulnlog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvulnlog%2Fvulnlog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvulnlog%2Fvulnlog/lists"}