osv.dev icon indicating copy to clipboard operation
osv.dev copied to clipboard

Published 20 hours ago verified publisher icon google

Add kubernetes vulnerabilities

Open sbs2001 opened this issue 3 years ago • 7 comments

Currently sig-security has a draft KEP here for creating structured feeds for k8s vulnerabilities.

It would be great if osv could consume this feed when implemented.

Relevant ticket at https://github.com/kubernetes/sig-security/issues/1

sbs2001 avatar Jan 19 '22 12:01 sbs2001

Thanks a lot for flagging this @sbs2001 ! It would be awesome if Kubernetes is able to publish their vulnerabilities in the OSV format. We'd be very happy to work with you and everyone else on the relevant ticket.

oliverchang avatar Jan 20 '22 04:01 oliverchang

https://github.com/kubernetes/enhancements/issues/3203 also seems to be related to this.

andrewpollock avatar Oct 18 '22 01:10 andrewpollock

We're currently updating our roadmap for 2023, and have tentatively targeted Q3 for this, subject to the data being available.

andrewpollock avatar Oct 18 '22 03:10 andrewpollock