non commercial use #743

eldemcan · 2020-11-12T19:37:32Z

eldemcan
Nov 12, 2020

In read me page it says,

Note that Trivy uses vulnerability information from a variety of sources, some of which are licensed for non-commercial use only.

Is is possible to tell which sources are for non-commercial use ?

mrueg · 2021-02-18T12:26:54Z

mrueg
Feb 18, 2021

@lizrice @knqyf263 @tnir since Gitlab seems to adopt Trivy as their default container scanning engine with their 14.0 release (see: https://gitlab.com/gitlab-org/gitlab/-/commit/982eff135591339a7ec0ed472a9a57f50be79272), can you help out clarifying which sources are non-commercial only and maybe provide a commercial-use-vuln-db?

2 replies

knqyf263 Feb 21, 2021
Maintainer

@mrueg Nice catch! We were planning to do it, but we expected ruby-advisory-db would allow commercial use shortly and were waiting for it. It has been suspended, so we probably should provide a commercial-use-db excluding ruby-advisory-db once. How is the status, @simar7?
rubysec/ruby-advisory-db#456

simar7 Feb 22, 2021
Maintainer

I responded in the issue. I'm open to someone else taking over this as I currently don't have the bandwidth to do so. Happy to help.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

non commercial use #743

{{title}}

Replies: 1 comment 2 replies

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

Select a reply

non commercial use #743

eldemcan Nov 12, 2020

Replies: 1 comment · 2 replies

mrueg Feb 18, 2021

knqyf263 Feb 21, 2021 Maintainer

simar7 Feb 22, 2021 Maintainer

eldemcan
Nov 12, 2020

Replies: 1 comment 2 replies

mrueg
Feb 18, 2021

knqyf263 Feb 21, 2021
Maintainer

simar7 Feb 22, 2021
Maintainer