Show HN: Releasing Vulnerabilities of Open Source Software
Thrilled to announce that very soon the list of vulnerabilities collected from multiple platforms, including (npm, Maven, Go, NuGet, PyPI, RubyGems, crates.io, Packagist, Linux, OSS-Fuzz), will be live at https://vulert.com/vuln-list. In short, we are making sure that no vulnerability is left unreported and your software/service is always protected from unexpected attacks.
For those who don’t know Vulert yet: Vulert, without any integration, notifies you if a security issue is found in any of the open-source software you are relying upon.
HOW DOES VULERT PROTECT YOU?
PRIVACY: You don't need to share your codebase or integrate anything; all you need to do is upload the list of open-source software you use.
IMPROVED SECURITY: Existing solutions check the current security of your software. Unlike them, we track your application not only for current but also for future security issues.
ECONOMICAL: You don’t need security staff just to keep track of your dependencies; Vulert can do it efficiently and it's very economical.
HOW DOES VULERT WORK?
We keep an eye on open source code; our security team analyzes changes in the open source software.
On an hourly basis, we gather the security advisories of the Vendors / Security Researchers.
In case we find any security advisory for software used by our customers, we notify them.
Feel free to give feedback or ask any questions; to contact us, email info@vulert.com
Does it include all the VulnDBs integrated into the OSS Anchore / Grype?
https://github.com/anchore/anchore
https://github.com/anchore/grype
Yes, basically this tool relies on GitHub advisories, which are included in our list.