CVE related projects

Currently I see at least 4 projects on the eLxr GitLab project related to CVEs:

Are these projects in any way related? Should they be merged or aligned in some way?

Also I see no documentation or explanation in the form of a Readme.md on the eLxr / Security Support / eLxr Cve Tracker · GitLab. Maybe it would be good to introduce that, so people can understand the purpose of the project.


— Does CVE scanning for container images.

— This is a daily report of the CVE scan results for the images listed below.

— To disclose CVEs fixed in Wind River but not updated in the Trivy DB.

https://gitlab.com/elxr/cloud/reports/package-monitor-report
— Did not find the repo now.

Thanks for the update, I now see package-monitor-report is a private repository. I will check with the owner of the repository why this is private and if it should be moved away from the eLxr project.

Would you be ok writing a small README.md file in the project to describe eLxr / Security Support / eLxr Cve Tracker · GitLab a bit better? So people understand what the project is doing when looking at it?

Another question I would have is if we should group all these repositories under a single GitLab group, for example Security Support · GitLab. It seems we have CVE-related projects located under different GitLab groups now. With that I am also wondering if part of these efforts should not be merged into a single project?

Create GitLab issue and task:

Thanks, sorry I assumed you were the maintainer of the repository given you answered the initial questions.
