PurlDB: Collect and index all the the RHEL packages used in UBI's

nexB / purldb

Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss

https://purldb.readthedocs.io/

29 stars 21 forks source link

PurlDB: Collect and index all the the RHEL packages used in UBI's #407

Open pombredanne opened 2 months ago

pombredanne commented 2 months ago

UBI stands for Universal Base Image and is based on RHEL (not open source) We should index these images so we can match them (and their packages)

For instance: https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.8-1067.1696517599

See https://hub.docker.com/r/redhat/ubi8/tags For instance we have the sources for each tagged image:

redhat/ubi8:8.9-1160
and redhat/ubi8:8.9-1160-source (Using one layer for the source of one packages... therefore many layers)

pombredanne commented 2 months ago

The RHEL repos are at https://cdn-ubi.redhat.com/content/public/ubi/