Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

What is the license of the wolfi and chainguard secdb? #680

Open
pombredanne opened this issue Mar 7, 2024 · 3 comments
Open

What is the license of the wolfi and chainguard secdb? #680

pombredanne opened this issue Mar 7, 2024 · 3 comments
Labels
bug Something isn't working needs-triage applied to all new customer/user issues. Removed after triage occurs.

Comments

@pombredanne
Copy link

I could not find any license information for the secdb data for wolfi and chainguard.
Can you clarify what would be the license?
These are the data published at:

I need a license to integrate this in https://github.com/nexb/vulnerablecode

For reference, the Alpine secdb has a license at https://secdb.alpinelinux.org/license.txt
Something similar would be awesome!
Thanks

PS: I am not sure if this issue should be filed only here, or at https://github.com/chainguard-dev/vulnerability-scanner-support/ or should be split in two? Please advise!

@pombredanne pombredanne added bug Something isn't working needs-triage applied to all new customer/user issues. Removed after triage occurs. labels Mar 7, 2024
@pombredanne
Copy link
Author

@luhring gentle ping. Without a proper license, there is no way this data can be reused. Alpine's secdb CC-BY-SA is a fine license and would likely apply if any of these advisories is derived from Alpine's db.

@luhring
Copy link
Member

luhring commented Aug 21, 2024

Thanks for the poke, @pombredanne! I'll get you an answer shortly. 🙇

@luhring
Copy link
Member

luhring commented Aug 21, 2024

We've updated our documentation for the feeds to clarify the license for them: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0).

Does this help?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working needs-triage applied to all new customer/user issues. Removed after triage occurs.
Projects
None yet
Development

No branches or pull requests

2 participants