Rocky Linux¶
Tunnel supports the following scanners for OS packages.
| Scanner | Supported |
|---|---|
| SBOM | ✓ |
| Vulnerability | ✓ |
| License | ✓ |
Please see here for supported versions.
The table below outlines the features offered by Tunnel.
| Feature | Supported |
|---|---|
| Unfixed vulnerabilities | - |
| Dependency graph | ✓ |
SBOM¶
Tunnel detects packages that have been installed through package managers such as dnf and yum.
Vulnerability¶
Rocky Linux offers its own security advisories, and these are utilized when scanning Rocky Linux for vulnerabilities.
Data Source¶
See here.
Fixed Version¶
Tunnel takes fixed versions from Rocky Linux Errata, not NVD or somewhere else. See here for more details.
Architectures
There are cases when the vulnerability affects packages of not all architectures.
For example, vulnerable packages for CVE-2023-0361 are only aarch64 packages.
Tunnel only detects vulnerabilities for packages of your architecture.
Severity¶
Tunnel calculates the severity of an issue based on the severity provided in Rocky Linux Errata.
The table below is the mapping of Rocky Linux's severity to Tunnel's severity levels.
| Rocky Linux | Tunnel |
|---|---|
| Low | Low |
| Moderate | Medium |
| Important | High |
| Critical | Critical |
Status¶
Tunnel supports the following vulnerability statuses for Rocky Linux.
| Status | Supported |
|---|---|
| Fixed | ✓ |
| Affected | ✓ |
| Under Investigation | |
| Will Not Fix | |
| Fix Deferred | |
| End of Life |
License¶
Tunnel identifies licenses by examining the metadata of RPM packages.