google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0

Add RPM/Red Hat ecosystem support #254

Open cmaritan opened 1 year ago

cmaritan commented 1 year ago

As briefly discussed here, osv.dev has no support for the RPM ecosystem (right now), but if you think that it makes sense, we can start discussing it.

Managing rpmdb is different from other lockfiles already supported until now by osv-scanner because they are not text files but instead:

Support using the current osv-scanner API is straightforward, and the io.Reader support scenario should also have no problems (see my latest update of draft #164 that uses temporary files). I made a PR; of course, let me know if it makes sense to you or if it's worth waiting for support on the osv.dev side.

github-actions[bot] commented 2 months ago

This issue has not had any activity for 60 days and will be automatically closed in two weeks