Web service for managing information on vulnerabilities in software distributed through Nixpkgs https://tracker.security.nixos.org
.github/workflows ci: drop magic-nix-cache-action 2025-04-28 23:44:32 +02:00
contrib Documentation update to remove obsolete command (#447) 2024-12-10 17:55:44 +01:00
docs/design docs(design/linkage): explain why we can conclude the approach is valid 2024-10-04 18:18:39 +02:00
infra chore: npins update (#533) 2025-05-05 08:15:47 +02:00
nix refactor: add types to settings related to GitHub (#529) 2025-05-02 11:37:25 +02:00
npins feat: include htmx on every page 2024-11-29 14:37:35 +01:00
pkgs feat: activity log setup 2024-11-28 11:01:31 +01:00
src/website fix: use bulk updates for migration 0048 (#538) 2025-05-08 09:09:49 +02:00
.envrc chore(dev): add .envrc-local support 2024-10-08 16:44:18 +02:00
.flake8 chore(.flake8): Set max-length to be consistent with black 2023-10-31 13:58:56 +01:00
.gitignore feat: include htmx on every page 2024-11-29 14:37:35 +01:00
CONTRIBUTING.md docs: update instructions to set up the GitHub connection (#531) 2025-05-05 16:45:36 +02:00
default.nix refactor: add types to settings related to GitHub (#529) 2025-05-02 11:37:25 +02:00
Procfile fix(staging/worker): apply automatic recovery for locked notifications (#407) 2024-11-30 16:33:57 +01:00
pyproject.toml chore: update npins 2024-09-30 13:00:16 +02:00
pyrightconfig.json feat: show package maintainers that are going to be pinged (#424) 2024-12-09 15:54:59 +01:00
README.md Add link to the deployed tracker to the README (#492) 2025-03-07 16:04:50 +01:00
shell.nix feat: basic packaging and VM test 2023-12-04 21:06:33 +01:00

Nixpkgs Security Tracker

The Nixpkgs Security Tracker is a web service for managing information on vulnerabilities in software distributed through Nixpkgs.

This software is currently in the prototype stage. A demo deployment is available at https://tracker.security.nixos.org.

The tool is intended to eventually be used by the Nixpkgs community to work through security advisories effectively. We identified three interest groups that the tool is going to address:

Nix security team members use this to access an exhaustive feed of CVEs being published, in order to decide on their relevance, link them to affected packages in Nixpkgs, notify package maintainers and discuss the issue with other team members.

Nixpkgs package maintainers are able to get notified and receive updates on security issues that affect packages they maintain. By discussing issues with security team members and other maintainers, they can help figure out which channels and packages are affected and ultimately work on fixes for the issue.

Nixpkgs users are able to subscribe and stay updated on ongoing security issues that affect the packages they use.