APK
APK package format analysis and vulnerability scanning capabilities
Package analysis
| Cataloger + Evidence | License | Dependencies: Depth | Dependencies: Edges | Dependencies: Kinds | Package Manager Claims: Files | Package Manager Claims: Digests | Package Manager Claims: Integrity Hash |
|---|---|---|---|---|---|---|---|
| apk-db-cataloger lib/apk/db/installed | | direct | complete | runtime | | | |
Vulnerability scanning
| Data Source | Disclosures: Affected | Disclosures: Date | Fixes: Versions | Fixes: Date | Track by Source Package |
|---|---|---|---|---|---|
| Alpine SecDB | | | | | |
| National Vulnerability Database (NVD) | | | | | |
| Chainguard Security | | | | | |
| MINIMOS Security | | | | | |
| Wolfi Security | | | | | |
Operating systems
| Operating System | Supported Versions | Provider | Data Source |
|---|---|---|---|
| Alpine Linux | 3.2+, edge | alpine | Alpine SecDB |
| Chainguard OS | rolling | chainguard | Chainguard Security |
| MinimOS | rolling | minimos | MINIMOS Security |
| Wolfi | rolling | wolfi | Wolfi Security |
The APK vulnerability database (a.k.a. “SecDB”) includes data from the Alpine Security Tracker, which provides detailed information on vulnerabilities affecting Alpine Linux packages. This database only includes vulnerabilities that have fixes available and does not track unfixed vulnerabilities. The maintainers of the SecDB intend for the primary source of truth for disclosures to be the National Vulnerability Database (NVD).
This is true of other APK vulnerability data sources as well (such as Chainguard, Wolfi, and MinimOS).
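The sketch below is an added example, not the scanner's own code: it shows why a fix-only data source yields findings only for installed versions older than a recorded fix. It assumes the `P`/`V`/`o` (package, version, origin) fields of `lib/apk/db/installed`, a SecDB-shaped mapping keyed by source package, and a simplified version ordering that handles only dotted numbers with an `-rN` revision; the records and CVE ids are constructed placeholders.

```python
import re

# Constructed sample of lib/apk/db/installed: blank-line separated records,
# P = package name, V = version, o = origin (source package).
INSTALLED = """\
P:libssl3
V:3.1.4-r0
o:openssl

P:busybox
V:1.36.1-r5
o:busybox
"""

# Constructed SecDB-shaped data: source package -> {fixed version: [CVE ids]}.
# The CVE ids are placeholders, not real identifiers. A CVE with no fix has
# no entry at all, so it cannot produce a finding from this source alone.
SECFIXES = {
    "openssl": {"3.1.4-r1": ["CVE-0000-0001"], "3.1.2-r0": ["CVE-0000-0002"]},
}


def parse_installed(text):
    """Yield one dict per record in the installed database."""
    for block in text.strip().split("\n\n"):
        fields = dict(line.split(":", 1) for line in block.splitlines() if ":" in line)
        yield {"name": fields["P"], "version": fields["V"],
               "origin": fields.get("o", fields["P"])}


def version_key(v):
    """Simplified ordering (assumption): dotted numeric version plus -rN only."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version form: {v}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def match(installed_text, secfixes):
    """Return (package, cve, fixed_in) for installed versions below a fix."""
    findings = []
    for pkg in parse_installed(installed_text):
        # Look up by origin so subpackages inherit the source package's fixes.
        for fixed, cves in secfixes.get(pkg["origin"], {}).items():
            if version_key(pkg["version"]) < version_key(fixed):
                findings += [(pkg["name"], cve, fixed) for cve in cves]
    return sorted(findings)
```

Real APK versions also carry letter suffixes and pre-release tags such as `_rc1`, which `version_key` rejects rather than misorders.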