|
azure: |
|
name: Microsoft AzureLinux OVAL |
|
url: https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/azurelinux-3.0-oval.xml |
|
vunnel_provider: mariner |
|
capabilities: # TODO: are these values accurate? |
|
# Indicates whether the advisory includes fix version information |
|
- name: fix.versions |
|
supported: true |
|
|
|
# Indicates whether the advisory includes a date when the fix was made available |
|
- name: fix.date |
|
supported: true |
|
|
|
# Indicates whether the advisory includes fix state information (e.g., fixed, not fixed, etc.) |
|
- name: fix.states |
|
supported: true |
|
values: |
|
- fixed |
|
- not_fixed |
|
|
|
# Indicates whether the advisory discloses the vulnerability regardless of fix availability |
|
- name: disclosure.affected |
|
supported: true |
vs
|
mariner: |
|
name: Microsoft CBL-Mariner OVAL |
|
url: 'https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/cbl-mariner-2.0-oval.xml' |
|
vunnel_provider: mariner |
|
capabilities: |
|
# Indicates whether the advisory includes fix version information |
|
- name: fix.versions |
|
supported: true |
|
|
|
# Indicates whether the advisory includes a date when the fix was made available |
|
- name: fix.date |
|
supported: true |
|
|
|
# Indicates whether the advisory includes fix state information (e.g., fixed, not fixed, etc.) |
|
- name: fix.states |
|
supported: true |
|
values: |
|
- fixed |
|
- not_fixed |
Really the distro was launched as "Mariner Linux" and then renamed Azure Linux as part of the 3.0 GA.
