Advisory Data Sources

This page provides an overview of the various advisory data sources that SBOM Observer integrates with. By consolidating data from diverse, reputable sources, SBOM Observer ensures an extensive and up-to-date feed of vulnerability intelligence.

SBOM Observer uses a wide array of sources for continuous vulnerability monitoring. These sources range from official databases like the National Vulnerability Database (NVD) to advisory databases managed by tech giants like GitHub (GHSA) and GitLab.

Our advisory database updates several times per day (every 6 hours), and customers receive timely notifications if any action is required.

| Source | URL | Description |
| --- | --- | --- |
| AlmaLinux Errata | AlmaLinux Errata | Official security advisories for AlmaLinux. |
| Alpine secdb | Alpine secdb | Alpine's security database containing known vulnerabilities. |
| Amazon Linux Security Center | Amazon Linux Security Center | AWS's official security center for Amazon Linux distributions. |
| Amazon Linux 2 Security Center | Amazon Linux 2 Security Center | AWS's official security center for Amazon Linux 2 distributions. |
| Arch Linux Security Tracker | Arch Linux Security Tracker | Arch Linux's official security tracker for known vulnerabilities. |
| GitHub Advisory Database (GHSA) | GitHub Advisory Database | GitHub's advisory database containing a broad range of vulnerabilities from open source projects. |
| GitLab Advisory Database | GitLab Advisory Database | GitLab's official advisory database with vulnerability details from the GitLab community. |
| National Vulnerability Database (NVD) | National Vulnerability Database | The U.S. government's official database of standards-based vulnerability information. |
| Oracle Linux OVAL | Oracle Linux OVAL | Oracle Linux's official OVAL (Open Vulnerability and Assessment Language) definitions. |
| Photon Security Advisory | Photon Security Advisory | VMware Photon OS's official security advisories. |
| RHEL/CentOS OVAL | RHEL/CentOS OVAL | OVAL definitions for Red Hat and CentOS distributions. |
| RHEL/CentOS Security Data | RHEL/CentOS Security Data | Official security data metrics from Red Hat. |
| Rocky Linux UpdateInfo | Rocky Linux UpdateInfo | Rocky Linux's official update information repository. |
| Security Bug Tracker | Security Bug Tracker | Debian's official security bug tracker. |
| SUSE Security CVRF | SUSE Security CVRF | SUSE's security CVRF (Common Vulnerability Reporting Framework) announcements. |
| Ubuntu CVE Tracker | Ubuntu CVE Tracker | Canonical's official CVE tracker for Ubuntu distributions. |
| Kubernetes | Kubernetes Official CVE Feed | Community-maintained list of official CVEs announced by the Kubernetes Security Response Committee. |