Supporting mageia Linux images #177
Comments
|
@juanluisbaptiste, for Scout to properly report CVEs, a distribution needs to provide its own CVE feed and that CVE feed needs to be processed by the Scout backend on a regular basis. Do you have a CVE feed for mageia packages available? |
|
Yes, we have a feed in OSV format available via https://advisories.mageia.org/infos.html. It's also being pulled in to https://osv.dev/ |
|
Awesome, let me take a look. Could you provide some links to Docker Hub images that I could test this with? |
|
Our images are at https://hub.docker.com/_/mageia The "9" tag is our latest (and only currently supported image) and was rebuilt fairly recently so might not have any (or very many) current security issues. The "cauldron" tag is for our other live distro but it's considered for development only and we don't publish advisories for it. The other numeric tags should also be working since they are our older public versions, but we no longer publish vulnerabilities for them (since they are no longer supported). |
Hi,
I'm the maintainer of the mageia Linux images, and I noticed that the security scan in Docker Hub reports no vulnerabilities for them. What can be done so these images are properly scanned?
Thanks in advance.
The text was updated successfully, but these errors were encountered: