DPKG
Debian package format used by Debian-based Linux distributions
Package analysis
| Cataloger + Evidence | License | Dependencies | Package Manager Claims | ||||
|---|---|---|---|---|---|---|---|
| Depth | Edges | Kinds | Files | Digests | Integrity Hash | ||
deb-archive-cataloger *.deb |
|||||||
dpkg-db-cataloger lib/dpkg/status, lib/dpkg/status.d/*, lib/opkg/info/*.control, lib/opkg/status |
transitive | complete | runtime | ||||
Notable capabilities:
- OPKG compatibility: Syft supports OpenWrt’s OPKG package manager format using the same cataloger.
- Distroless images: Syft automatically detects and supports Google distroless images that use
/var/lib/dpkg/status.d/.
Vulnerability scanning
| Data Source | Disclosures | Fixes | Track by Source Package |
||
|---|---|---|---|---|---|
| Affected | Date | Versions | Date | ||
| Debian Security Tracker (DSA, DLA) | |||||
| ECHO Security | |||||
| Ubuntu CVE Tracker (USN) | |||||
Operating systems
| Operating System | Supported Versions | Provider | Data Source |
|---|---|---|---|
| Debian | 7 (wheezy), 8 (jessie), 9 (stretch), 10 (buster), 11 (bullseye), 12 (bookworm), 13 (trixie), 14, unstable | debian | Debian Security Tracker |
| Echo OS | rolling | echo | ECHO Security |
| Raspberry Pi OS | 7 (wheezy), 8 (jessie), 9 (stretch), 10 (buster), 11 (bullseye), 12 (bookworm), 13 (trixie), 14, unstable | debian | Debian Security Tracker |
| Ubuntu | 12.04 (precise), 12.10 (quantal), 13.04 (raring), 14.04 (trusty), 14.10 (utopic), 15.04 (vivid), 15.10 (wily), 16.04 (xenial), 16.10 (yakkety), 17.04 (zesty), 17.10 (artful), 18.04 (bionic), 18.10 (cosmic), 19.04 (disco), 19.10 (eoan), 20.04 (focal), 20.10 (groovy), 21.04 (hirsute), 21.10 (impish), 22.04 (jammy), 22.10 (kinetic), 23.04 (lunar), 23.10 (mantic), 24.04 (noble), 24.10 (oracular), 25.04 (plucky), 25.10 | ubuntu | Ubuntu CVE Tracker |