Import Alpine Linux vulnerabilities into Advisory Database from source
Data from the Alpine vulnerability trackers (the alpine and alpine-unfixed data sources in use by Aqua's Trivy databases) is restrictively licensed. We therefore need to import Alpine vulnerabilities directly from their source into our GitLab Advisory Database without using any of the CC-BY-SA licensed code.
The data can be parsed from Alpine's package repository (example APKBUILD file).
Related Slack thread: https://gitlab.slack.com/archives/C02087FTL5V/p1652747624067429
Edited by Julian Thome
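A sketch of the parsing step described above, added here as an example and not part of the issue or of GitLab's importer. It assumes the fix data sits in the `# secfixes:` comment block that Alpine APKBUILD files use to map a fixed package version to advisory identifiers; the sample file, package name and identifiers are constructed, and `parse_apkbuild` and `to_records` are hypothetical names.

```python
import re

# Constructed sample APKBUILD (not a real package; identifiers are placeholders).
SAMPLE_APKBUILD = '''\
# Maintainer: Example Maintainer <maintainer@example.org>
pkgname=examplepkg
pkgver=1.4.2
pkgrel=1

# secfixes:
#   1.4.2-r0:
#     - CVE-0000-0003
#   1.3.0-r2:
#     - CVE-0000-0001
#     - CVE-0000-0002
'''

# Assumption: fixes are listed in a "# secfixes:" comment block that maps
# each fixed package version to a list of advisory identifiers.
_HEADER = re.compile(r"^#\s*secfixes:\s*$")
_VERSION = re.compile(r"^#\s+(\S+):\s*$")
_ID = re.compile(r"^#\s+-\s+(\S+)")
_VAR = re.compile(r'^(pkgname|pkgver|pkgrel)="?([^"\s]+)"?')


def parse_apkbuild(text):
    """Return (metadata, {fixed_version: [identifiers]}) for one APKBUILD."""
    meta, fixes, in_block, current = {}, {}, False, None
    for line in text.splitlines():
        if in_block and line.startswith("#"):
            if current is not None and (m := _ID.match(line)):
                fixes[current].append(m.group(1))
            elif m := _VERSION.match(line):
                current = m.group(1)
                fixes.setdefault(current, [])
            continue
        in_block = bool(_HEADER.match(line))  # any other line ends the block
        if m := _VAR.match(line):
            meta[m.group(1)] = m.group(2)
    return meta, fixes


def to_records(text):
    """Flatten one APKBUILD into per-identifier advisory records."""
    meta, fixes = parse_apkbuild(text)
    return [{"package": meta.get("pkgname"), "identifier": i, "fixed_version": v}
            for v, ids in fixes.items() for i in ids]
```

Because it reads only the APKBUILD text, this keeps the import independent of the licensed tracker data; a real importer would also need to walk every package directory in the repository.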