-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(ruby): remove advisories from OSVDB #1208
Closed
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
knqyf263
added
the
kind/feature
Categorizes issue or PR as related to a new feature.
label
Sep 2, 2021
afdesk
added a commit
to afdesk/trivy
that referenced
this issue
Sep 4, 2021
Trivy no longer depends on OSVDB and can use "Ruby Advisory Database" for commercial usage. Fixes aquasecurity#1208
knqyf263
pushed a commit
that referenced
this issue
Sep 5, 2021
Trivy no longer depends on OSVDB and can use "Ruby Advisory Database" for commercial usage. Fixes #1208
liamg
pushed a commit
that referenced
this issue
Jun 7, 2022
Trivy no longer depends on OSVDB and can use "Ruby Advisory Database" for commercial usage. Fixes #1208
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Overview
One of our data sources, ruby-advisory-db depends on advisories from OSVDB.
https://github.com/rubysec/ruby-advisory-db/blob/master/LICENSE.txt
But OSVDB doesn't allow commercial usage without agreement.
We already have some data sources for Ruby. We can remove those advisories so that Trivy can be used in commercials.
Implementation
Skip OSVDB here.
https://github.com/aquasecurity/trivy-db/blob/62aa4616130e5e27b1eb33bf65a2e6b44090fc43/pkg/vulnsrc/bundler/bundler.go
References
rubysec/ruby-advisory-db#487
The text was updated successfully, but these errors were encountered: