Chainguard has created a new commercial distro that's based on Wolfi. This new distro has additional packages and consequently, a security data feed that's separate from Wolfi's.
It'd be amazing to see Trivy support scanning container images that are using this distro. 😃
The id for the new distro is just chainguard. The secdb structure is exactly the same as Wolfi's. The expected location of the secdb is https://packages.cgr.dev/chainguard/security.json.
I'm starting to prepare branches for the various Trivy repos now. I'll be applying the learnings from the PRs and your helpful review feedback from #3205. 🙏
Please let me know if you have any additional pointers or questions about this!
Chainguard has created a new commercial distro that's based on Wolfi. This new distro has additional packages and consequently, a security data feed that's separate from Wolfi's.
It'd be amazing to see Trivy support scanning container images that are using this distro. 😃
The
id
for the new distro is justchainguard
. The secdb structure is exactly the same as Wolfi's. The expected location of the secdb ishttps://packages.cgr.dev/chainguard/security.json
.I'm starting to prepare branches for the various Trivy repos now. I'll be applying the learnings from the PRs and your helpful review feedback from #3205. 🙏
Please let me know if you have any additional pointers or questions about this!