https://github.com/anchore/vulnerability-match-labels

Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners

dataset hacktoberfest labels vulnerabilities


# vulnerability-match-labels

This repo contains labeled vulnerability-package match pairs for select container images. These labels are used as a ground truth for evaluating the performance of vulnerability scanner tools (such as [grype](https://github.com/anchore/grype)). The label data structure is governed by the `artifact.LabelEntry` from [yardstick](https://github.com/anchore/yardstick), the tool used to create these labels.

SBOMs for images with labels are stored as artifacts within the `ghcr.io/anchore/vml-sbom/*` container registry for convenience.

To see this data in action, see [`test/quality` in the grype repo](https://github.com/anchore/grype/tree/main/test/quality).