aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

Support for Chainguard's commercial distro #3630

Closed luhring closed 1 year ago

luhring commented 1 year ago

Chainguard has created a new commercial distro that's based on Wolfi. This new distro has additional packages and, consequently, a security data feed that's separate from Wolfi's.

It'd be amazing to see Trivy support scanning container images that are using this distro. 😃

The id for the new distro is just chainguard. The secdb structure is exactly the same as Wolfi's. The expected location of the secdb is https://packages.cgr.dev/chainguard/security.json.

I'm starting to prepare branches for the various Trivy repos now. I'll be applying the learnings from the PRs and your helpful review feedback from #3205. 🙏

Please let me know if you have any additional pointers or questions about this!

luhring commented 1 year ago

PRs opened!