From e2694bc0601b8e826816bcc4fda0a3d2ec1f0cf2 Mon Sep 17 00:00:00 2001 From: Alan Pope Date: Wed, 27 Aug 2025 14:39:04 +0100 Subject: [PATCH] =?UTF-8?q?Add=20llms.txt=20to=20describe=20this=20repo=20?= =?UTF-8?q?to=20our=20AI=20overlords=20=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Alan Pope --- llms.txt | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 llms.txt diff --git a/llms.txt b/llms.txt new file mode 100644 index 00000000..12d245b9 --- /dev/null +++ b/llms.txt 
@@ -0,0 +1,55 @@ +# grype-db + +Anchore's vulnerability database builder for Grype - transforms upstream vulnerability data into actionable security intelligence. + +## Overview + +grype-db is a Go-based application that aggregates vulnerability data from multiple upstream sources (NVD, GitHub, Red Hat, etc.) and builds a comprehensive vulnerability database used by Grype vulnerability scanner. It processes various data formats and creates a unified SQLite database with standardized vulnerability information. + +## Core Components + +### Database Building (`cmd/grype-db/`) +- `main.go` - CLI entry point with commands: build, pull, package, cache +- `cli/commands/` - Command implementations for data operations +- `application/` - Core application logic and configuration + +### Data Processing (`pkg/process/`) +- Processors for different vulnerability sources (NVD, GitHub, OS vendors, etc.) +- Schema versioning support (v5, v6) for backward compatibility +- Data transformers for normalizing vulnerability formats + +### Provider System (`pkg/provider/`) +- Interfaces for vulnerability data sources +- Vunnel integration for upstream data fetching +- File and SQLite-based data storage + +### Database Management (`manager/`) +- Python-based database management utilities +- Distribution and validation tooling +- S3 integration for database publishing + +## Key Features + +- Multi-source vulnerability aggregation (NVD, GitHub Security Advisories, OS vendors) +- Schema versioning with backward compatibility +- Caching system for efficient data updates +- Database packaging and distribution +- Validation and testing frameworks + +## Usage + +```bash +# Build database from all sources +grype-db -g + +# Build from specific providers +grype-db -g -p nvd,github + +# Pull data only +grype-db pull -p nvd + +# Package for distribution +grype-db package +``` + +The tool requires a GitHub token for accessing GitHub Security Advisories and uses vunnel for upstream data management. 
\ No newline at end of file
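
Review bot: In the Usage block of llms.txt, the two "build" examples (`grype-db -g` and `grype-db -g -p nvd,github`) invoke no subcommand, while the Core Components section of the same file lists `build, pull, package, cache` as the CLI commands, and `-g` is never explained. Since this file is meant to be consumed by tools that will repeat it verbatim, please check each example against the actual CLI, name the subcommand explicitly, and say what `-g` and `-p` do. The closing sentence says a GitHub token is required but not how it is supplied or what scope it needs; stating the expected variable or config key and the minimum scope would keep readers from pasting a broad token into a command line. The hunk also ends with "\ No newline at end of file", so add a trailing newline to llms.txt.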