Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/captn3m0/photon-os-advisories

Publish VMWare Photon Advisories in OSV format, automatically synced. Unofficial - not affiliated with VMWare
https://github.com/captn3m0/photon-os-advisories

git-scraping osv photon-os

Last synced: about 1 month ago
JSON representation

Publish VMWare Photon Advisories in OSV format, automatically synced. Unofficial - not affiliated with VMWare

Host: GitHub
URL: https://github.com/captn3m0/photon-os-advisories
Owner: captn3m0
License: mit
Created: 2022-12-31T05:16:16.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2024-09-18T05:38:29.000Z (about 2 months ago)
Last Synced: 2024-09-18T08:31:04.858Z (about 2 months ago)
Topics: git-scraping, osv, photon-os
Language: Python
Homepage: https://captnemo.in/photon-os-advisories/
Size: 1.35 MB
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # VMWare Photon Advisories

## Background

- [VMWare Photon](https://vmware.github.io/photon) is a minimal linux container host OS.

- Photon Security Advisories are published by VMWare at https://github.com/vmware/photon/wiki/Security-Advisories.

- [OSV](https://ossf.github.io/osv-schema/) is a Open Source Vulnerability format, as specified by the [Open Source Security Foundation](https://openssf.org).

- [GSD Database](https://globalsecuritydatabase.org/) is a vulnerability database used by OSV.dev, and maintained by the [Cloud Security Alliance](https://cloudsecurityalliance.org/)

## What is this project?

The OSV.dev expects advisories to be published in the OSV format. This repository

republishes the advisories in the OSV format, and syncs them against the

[GSD Database](https://github.com/cloudsecurityalliance/gsd-database)

- [x] Picks up data from https://github.com/vmware/photon/wiki/Security-Advisories,

- [x] Get CVE metadata from https://packages.vmware.com/photon/photon_cve_metadata/

- [x] Generates advisories in the OSV format at `advisories/` using the above.

- [ ] Syncs Data to the GSD Database

## TODO:

- [x] Delete advisories that are deleted upstream (Experimental)

- [x] Automatic Update

- [ ] Automatic Sync (to GSD)

- [ ] Schema: Provide `credits`

- [x] Schema: Provide impacted packages

- [x] Schema: Provide all impacted packages, with version number that fixes the issue. (Available in all but 50-60 advisories)

- [ ] Schema: Provide summary/details/severity

- [ ] Schema: Provide SHA256 hashes under database_specific

## Contributing

Contributions are welcome! Since the advisories are automatically generated, please don't make

manual updates to the JSON advisory files. Instead update the generation script: `generate.py`.

## License

Licensed under the [MIT License](https://nemo.mit-license.org/). See LICENSE file for details.