CentOS¶
Tunnel supports the following scanners for OS packages.
| Scanner | Supported |
|---|---|
| SBOM | ✓ |
| Vulnerability | ✓ |
| License | ✓ |
Please see here for supported versions.
The table below outlines the features offered by Tunnel.
| Feature | Supported |
|---|---|
| Unfixed vulnerabilities | ✓ |
| Dependency graph | ✓ |
SBOM¶
Same as RHEL.
Vulnerability¶
CentOS does not provide straightforward machine-readable security advisories. As a result, Tunnel utilizes the security advisories from Red Hat Enterprise Linux (RHEL) for detecting vulnerabilities in CentOS. This approach might lead to situations where, even though Tunnel displays a fixed version, CentOS might not have the patch available yet. Since patches released for RHEL often become available in CentOS after some time, it's usually just a matter of waiting.
Note
The case for CentOS Stream, which is not supported by Tunnel, is entirely different from CentOS.
As Tunnel relies on Red Hat's advisories, please refer to Red Hat for details regarding vulnerability severity and status.
License¶
Same as RHEL.