Nix
Nix package analysis and vulnerability scanning capabilities
Package analysis
| Cataloger + Evidence | License | Dependencies | Package Manager Claims | ||||
|---|---|---|---|---|---|---|---|
| Depth | Edges | Kinds | Files | Digests | Integrity Hash | ||
nix-cataloger nix/var/nix/db/db.sqlite, nix/store/*, nix/store/*.drv | Transitive | Complete | Runtime | ||||
nix-store-cataloger deprecated nix/store/*, nix/store/*.drv | Transitive | Complete | Runtime | ||||
Syft Configuration
| Configuration Key | Description |
|---|---|
nix.capture-owned-files | Determines whether to record the list of files owned by each Nix package discovered in the store. Recording owned files provides more detailed information but increases processing time and memory usage. |
Vulnerability scanning
| Data Source | Disclosures | Fixes | Track by Source Package | ||
|---|---|---|---|---|---|
| Affected | Date | Versions | Date | ||
| National Vulnerability Database (NVD) | |||||
Grype Configuration
| Configuration Key | Description |
|---|---|
match.stock.using-cpes | Use CPE package identifiers to find vulnerabilities |