Skip to content
Arch Linux Security Tracker
Branch: master
Clone or download
SantiagoTorres and anthraxx requirements: move pyalpm to pypi version
There doesn't seem to be a pyalpm 0.8.5 on the
repository. This is because the pyalpm develoment moved to github, and
releases are now published on pypi. Change the requirements.txt file to
use the pypi version of pyalpm.
Latest commit a6443af Jun 13, 2019

Arch Linux Security Tracker Build Status

The Arch Linux Security Tracker is a lightweight flask based panel for tracking vulnerabilities in Arch Linux packages, displaying vulnerability details and generating security advisories.


  • Issue tracking
  • Issue grouping
  • libalpm support
  • Todo lists
  • Advisory scheduling
  • Advisory generation



  • python >= 3.4
  • python-sqlalchemy
  • python-flask
  • python-flask-sqlalchemy
  • python-flask-talisman
  • python-flask-wtf
  • python-flask-login
  • python-flask-migrate
  • python-requests
  • python-scrypt
  • pyalpm
  • sqlite


  • python-isort
  • python-pytest
  • python-pytest-cov


Python dependencies can be installed in a virtual environment (virtualenv), by running:

virtualenv .virtualenv
. .virtualenv/bin/activate
pip install -r requirements.txt

For running tests:

pip install -r test-requirements.txt



run debug mode:

make run

adding a new user:

make user

run tests:

make test

For production run it through uwsgi

Command line interface

The trackerctl script provides access to the command line interface that controls and operates different parts of the tracker. All commands and subcommands provide a --help option that describes the operation and all its available options.


The configurations are all placed into the config directory and applied as a sorted cascade.

The default values in the 00-default.conf file should not be altered for customization. If some tweaking is required, simply create a new configuration file with a .local.conf suffix and some non zero prefix like 20-user.local.conf. Files using this suffix are on the .gitignore and not handled as untracked or dirty.


Help is appreciated, for some guidelines and recommendations check our Contribution file.

You can’t perform that action at this time.