From 1efdf3766cd06d3818ed254250b4a7cfbdca2e56 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Sat, 14 Feb 2026 00:32:21 +0000 Subject: [PATCH] docs: Update foundational concepts Updates to foundational concepts --- docs/foundational_concepts.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/foundational_concepts.md b/docs/foundational_concepts.md index a605058..a979d06 100644 --- a/docs/foundational_concepts.md +++ b/docs/foundational_concepts.md @@ -38,9 +38,7 @@ Chainguard continuously publishes data about software vulnerabilities for Wolfi Chainguard staff members carefully review potential vulnerabilities in our public and private packages. This analysis is captured as **advisory data**, which serves as the _source of truth_ for all vulnerability investigations and conclusions. -In its raw form, advisory data is stored as YAML and version-controlled using git. We operate on the data using [wolfictl](https://github.com/wolfi-dev/wolfictl). The [Wolfi advisory data repository](https://github.com/wolfi-dev/advisories) is public, while the repository for Chainguard's enterprise packages is not public. - -We can use advisory data to produce different kinds of downstream data. The primary downstream use of this data is our security feeds, intended for consumption by vulnerability scanners. +The primary downstream use of this data is our security feeds, intended for consumption by vulnerability scanners. ### Security feeds 
@@ -56,7 +54,7 @@ An index of Chainguard's OSV data is located at `https://packages.cgr.dev/chaing Each individual Chainguard advisory is represented as its own file, where the advisory ID (prefixed with `CGA-`) replaces the "all" in the URL above. For example, the advisory CGA-2226-2498-2frm is located at `https://packages.cgr.dev/chainguard/osv/CGA-2226-2498-2frm.json`. -This OSV feed is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)](https://creativecommons.org/licenses/by-nc-nd/4.0/?ref=chooser-v1), provided, however, the Chainguard License for Commercial Scanners shall apply to Commercial Scanners available at https://www.chainguard.dev/legal/chainguard-license-for-commercial-scanners, as such terms are defined therein. +This OSV feed is licensed under [Apache License 2.0](https://github.com/chainguard-dev/vulnerability-scanner-support/blob/main/LICENSE). #### The secdb (Deprecated) @@ -70,7 +68,7 @@ The "Wolfi secdb" is located at `https://packages.wolfi.dev/os/security.json`. The "Chainguard secdb" is located at `https://packages.cgr.dev/chainguard/security.json`. -The Wolfi secdb and Chainguard secdb are each licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)](https://creativecommons.org/licenses/by-nc-nd/4.0/?ref=chooser-v1), provided, however, the Chainguard License for Commercial Scanners shall apply to Commercial Scanners available at https://www.chainguard.dev/legal/chainguard-license-for-commercial-scanners, as such terms are defined therein. +The Wolfi secdb and Chainguard secdb are each licensed under [Apache License 2.0](https://github.com/chainguard-dev/vulnerability-scanner-support/blob/main/LICENSE). ##### Interpreting secdb data
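Review bot: In the first hunk (@@ -38,9 +38,7), the deleted paragraph is the only place in the lines shown that links the public Wolfi advisory data repository and wolfictl, so the page still calls advisory data the "source of truth" but no longer tells readers where to inspect it. Consider keeping at least the sentence that points to https://github.com/wolfi-dev/advisories, or explain in the commit message why the storage and tooling details are being dropped; "Updates to foundational concepts" does not say.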
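Review bot: The commit message does not mention that the second hunk (@@ -56,7 +54,7) relicenses the OSV feed from CC BY-NC-ND 4.0 to Apache License 2.0; a licensing change should be named in the subject or body so it can be found in history. The new link also targets the LICENSE file on `blob/main` of chainguard-dev/vulnerability-scanner-support, while the feed itself is served from packages.cgr.dev, so the sentence should state explicitly that this license covers the feed data and not only that repository's contents.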
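Review bot: In the third hunk (@@ -70,7 +68,7), a single sentence places both the Wolfi secdb (packages.wolfi.dev) and the Chainguard secdb (packages.cgr.dev) under a LICENSE file in a chainguard-dev repository, and the Chainguard License for Commercial Scanners clause is dropped with no replacement text. Please confirm the Apache 2.0 grant is meant to cover the Wolfi feed as well, and add a sentence on whether the commercial scanner terms still apply to anyone, since the section is marked deprecated and may not be revisited.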