Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners

anchore/vulnerability-match-labels

vulnerability-match-labels

This repo contains labeled vulnerability-package match pairs for select container images. These labels are used as a ground truth for evaluating the performance of vulnerability scanner tools (such as grype). The label data structure is governed by the artifact.LabelEntry from yardstick, the tool used to create these labels.

SBOMs for images with labels are stored as artifacts within the ghcr.io/anchore/vml-sbom/* container registry for convenience.

To see this data in action, see test/quality in the grype repo.
