Advisory Data Sources
This page provides an overview of the various advisory data sources that SBOM Observer integrates with. By consolidating data from diverse, reputable sources, SBOM Observer ensures an extensive and up-to-date feed of vulnerability intelligence.
SBOM Observer uses a wide array of sources for continuous vulnerability monitoring. These sources range from official databases like the National Vulnerability Database (NVD) to advisory databases managed by tech giants like GitHub (GHSA) and GitLab.
Our advisory database updates several times per day (every 6 hours), and customers receive timely notifications if any action is required.
Source | URL | Description |
---|---|---|
AlmaLinux Errata | AlmaLinux Errata | Official security advisories for AlmaLinux. |
Alpine secdb | Alpine secdb | Alpine's security database containing known vulnerabilities. |
Amazon Linux Security Center | Amazon Linux Security Center | AWS's official security center for Amazon Linux distributions. |
Amazon Linux 2 Security Center | Amazon Linux 2 Security Center | AWS's official security center for Amazon Linux 2 distributions. |
Arch Linux Security Tracker | Arch Linux Security Tracker | Arch Linux's official security tracker for known vulnerabilities. |
GitHub Advisory Database (GHSA) | GitHub Advisory Database | GitHub's advisory database containing a broad range of vulnerabilities from open source projects. |
GitLab Advisory Database | GitLab Advisory Database | GitLab's official advisory database with vulnerability details from the GitLab community. |
National Vulnerability Database (NVD) | National Vulnerability Database | The U.S. government's official database of standards-based vulnerability information. |
Oracle Linux OVAL | Oracle Linux OVAL | Oracle Linux's official OVAL (Open Vulnerability and Assessment Language) definitions. |
Photon Security Advisory | Photon Security Advisory | VMware Photon OS's official security advisories. |
RHEL/CentOS OVAL | RHEL/CentOS OVAL | OVAL definitions for Red Hat and CentOS distributions. |
RHEL/CentOS Security Data | RHEL/CentOS Security Data | Official security data metrics from Red Hat. |
Rocky Linux UpdateInfo | Rocky Linux UpdateInfo | Rocky Linux's official update information repository. |
Security Bug Tracker | Security Bug Tracker | Debian's official security bug tracker. |
SUSE Security CVRF | SUSE Security CVRF | SUSE's security CVRF (Common Vulnerability Reporting Framework) announcements. |
Ubuntu CVE Tracker | Ubuntu CVE Tracker | Canonical's official CVE tracker for Ubuntu distributions. |
Kubernetes | Kubernetes Official CVE Feed | Community-maintained list of official CVEs announced by the Kubernetes Security Response Committee. |