Capabilities

RPM

Red Hat Package Manager format used by Red Hat-based Linux distributions

Package analysis

Cataloger + EvidenceLicenseDependenciesPackage Manager Claims
DepthEdgesKindsFilesDigestsIntegrity Hash
rpm-archive-cataloger
*.rpm
rpm-db-cataloger
var/lib/rpmmanifest/container-manifest-2
TransitiveRuntime
rpm-db-cataloger
{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}
TransitiveCompleteRuntime

Vulnerability scanning

Data SourceDisclosuresFixesTrack by
Source
Package
AffectedDateVersionsDate
AlmaLinux OSV Database (ALSA)
Amazon Linux Security Center (ALAS)
Microsoft AzureLinux OVAL
Red Hat Security Data API (RHSA)
fedora
Microsoft CBL-Mariner OVAL
National Vulnerability Database (NVD)
Oracle Linux Security (ELSA)
photon
SUSE Security OVAL (SUSE-SU)

Operating systems

Operating SystemSupported VersionsProviderData Source
AlmaLinux8, 9, 10almaAlmaLinux OSV Database
Amazon Linux2, 2022, 2023amazonAmazon Linux Security Center
Azure Linux3.0marinerMicrosoft CBL-Mariner OVAL
CentOS5, 6, 7, 8rhelRed Hat Security Data API
Fedora5, 6, 7, 8, 9, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45fedorafedora
CBL-Mariner1.0, 2.0marinerMicrosoft CBL-Mariner OVAL
OpenSUSE Leapminimal support (CPE-based)nvdNational Vulnerability Database (NVD)
Oracle Linux5, 6, 7, 8, 9, 10oracleOracle Linux Security
Photon OS1.0, 2.0, 3.0, 4.0, 5.0photonphoton
Red Hat Enterprise Linux5, 6, 7, 8, 9, 10
EUS: 5.9, 6.4+, 7, 8.1, 8.2, 8.4, 8.6, 8.8, 9		rhelRed Hat Security Data API
Rocky Linux5, 6, 7, 8, 9, 10rhelRed Hat Security Data API
SUSE Linux Enterprise Server11, 12, 15slesSUSE Security OVAL

Next steps

Last modified March 21, 2026: chore(deps): update tools to latest versions (04c6be4)