• English

    • Data Feeds

    To effectively search for threats in open source components, CodeScoring integrates data from more than 20 knowledge sources (feeds). Records from all sources are deduplicated and combined under universal identifiers in the system.

    Threat knowledge sources complement the unified CodeScoring Index database with information about published components, including its own protestware feed.

    This section contains a detailed description of individual feeds and the process of working with them.

    Below is a table with the data sources and their update frequency.

    SourceLinkUpdate frequency
    CodeScoring Protestware Feed-once a day
    FSTEC of Russia (Federal Service for Technical and Export Control) Security Advisorieshttps://bdu.fstec.ru/every 30 minutes
    Kaspersky Open Source Software Data Feedhttps://www.kaspersky.ru/open-source-feedevery 30 minutes
    Astra Linux Security Advisorieshttps://astra.ruevery 4 hours
    ALT Linux Security Tracker CVEhttps://packages.altlinux.orgevery 4 hours
    Red OS Security Advisorieshttps://redos.red-soft.ruonce a day
    CVE.org (MITRE CVE Program)https://www.cve.orgonce a day
    National Vulnerability Database (NVD, NIST)https://nvd.nist.gov/every hour
    Open Source Vulnerabilities (OSV)https://osv.devevery 20 minutes
    GitHub Advisory Databasehttps://github.com/advisoriesevery 10 minutes
    GitHub Security Repositories (More than 2000 repositories)https://github.comevery hour
    OpenSSF Malware Database (OSSF Malicious Packages)https://openssf.orgevery hour
    Go Vulnerability Database (Golang)https://vuln.go.devevery 30 minutes
    GitLab Security Advisory Databasehttps://advisories.gitlab.comonce a day
    Packagist PHP Package Security Advisorieshttps://packagist.orgevery 30 minutes
    PyPI Security Advisories (PySec)https://pypi.orgevery 30 minutes
    Ubuntu Security Noticeshttps://ubuntu.com/security/noticesevery 30 minutes
    Alpine Linux Security Advisorieshttps://alpinelinux.orgevery 30 minutes
    Debian Security Trackerhttps://security-tracker.debian.orgevery 30 minutes
    Red Hat Security Advisorieshttps://access.redhat.comevery 30 minutes
    Was this page helpful?