This repository has been archived by the owner on Jan 5, 2024. It is now read-only.
wolfi-dev/secdb

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

wolfi-secdb (ARCHIVED)

Warning

This project is no longer maintained and should not be used. This tool has been replaced by functionality in wolfictl (see docs and code).

Tool for generating Wolfi security databases

Usage

To create a security database for a given project, you can do something like:

$ wolfi-secdb generate ./path/to/source-repo \
   --base-url https://packages.wolfi.dev/... \
   --output-filename security/your-repo-name.json \
   --repo-name your-repo-name

For the Wolfi distribution, there is a GitHub action located in chainguard-dev/actions.

Specification

Wolfi security databases are based on Alpine's security database format, presenting a serialized JSON graph.

Root

The root of the graph has these fields:

  • urlprefix: The prefix for all URLs. In Wolfi itself, this is https://packages.wolfi.dev.

  • apkurl: The pattern used to deduce the package URL. In Wolfi itself, this is {{urlprefix}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk

  • reponame: The name of the repository, such as bootstrap/stage3.

  • archs: The architectures for packages built in the repository. In Wolfi itself, this is presently [ "x86_64" ].

  • packages: A list of package objects which have security updates.

Package entries

A package entry is a JSON object containing a single pkg object, which has the following fields:

  • name: The name of the package.

  • secfixes: An object whose keys are package version identifiers and whose values are lists of well-known vulnerability identifiers (for example CVE IDs) fixed in that version.

Example

{
  "urlprefix": "https://packages.wolfi.dev",
  "apkurl": "{{urlprefix}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk",
  "reponame": "example/repo",
  "archs": ["x86_64"],
  "packages": [
    {
      "pkg": {
        "name": "foo",
        "secfixes": {
          "1.2.3-r1": [
            "CVE-9999-99999"
          ]
        }
      }
    }
  ]
}
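As an added example (not code from this repository), a small Go program that decodes a database in the format above and, for a given vulnerability identifier, resolves which package versions fix it and where their .apk files live by filling in the apkurl template for each architecture. The document it reads is a constructed sample, not a real Wolfi database.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

type SecDB struct {
	URLPrefix string   `json:"urlprefix"`
	APKURL    string   `json:"apkurl"`
	RepoName  string   `json:"reponame"`
	Archs     []string `json:"archs"`
	Packages  []struct {
		Pkg struct {
			Name     string              `json:"name"`
			Secfixes map[string][]string `json:"secfixes"` // version -> fixed vulnerability ids
		} `json:"pkg"`
	} `json:"packages"`
}

// FixesFor maps "<name>-<version>" of every version fixing vulnID to its .apk URLs, one per arch, via the apkurl template.
func (db *SecDB) FixesFor(vulnID string) map[string][]string {
	fixes := map[string][]string{}
	for _, p := range db.Packages {
		for ver, ids := range p.Pkg.Secfixes {
			for _, id := range ids {
				if id == vulnID {
					for _, arch := range db.Archs {
						r := strings.NewReplacer("{{urlprefix}}", db.URLPrefix, "{{reponame}}", db.RepoName,
							"{{arch}}", arch, "{{pkg.name}}", p.Pkg.Name, "{{pkg.ver}}", ver)
						fixes[p.Pkg.Name+"-"+ver] = append(fixes[p.Pkg.Name+"-"+ver], r.Replace(db.APKURL))
					}
				}
			}
		}
	}
	return fixes
}

// sampleDB is a constructed document for illustration, not a real Wolfi database.
const sampleDB = `{"urlprefix":"https://packages.wolfi.dev","apkurl":"{{urlprefix}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk","reponame":"example/repo","archs":["x86_64","aarch64"],"packages":[{"pkg":{"name":"foo","secfixes":{"1.2.3-r1":["CVE-9999-99999"],"1.2.4-r0":["CVE-9999-99998","CVE-9999-99999"]}}}]}`

func main() {
	var db SecDB
	if err := json.Unmarshal([]byte(sampleDB), &db); err != nil {
		panic(err)
	}
	fmt.Println(db.FixesFor("CVE-9999-99999"))
}
```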
