Vulnerability databases play an important role in software supply chain security. They contain information about known vulnerabilities in third-party components and libraries. By leveraging multiple vulnerability databases, we can identify potentially vulnerable third-party components used in software development and remediate those issues quickly.
Here is a list of free vulnerability databases that we can use as part of software supply chain security:
NVD (National Vulnerability Database): https://nvd.nist.gov
GitHub advisory: https://github.com/advisories
Google OSV: https://osv.dev
Snyk Vulnerability Database: https://security.snyk.io
Sonatype OSS Index: https://ossindex.sonatype.org