docs: improve data sources (#1069)

* docs: improve data sources

* docs: add os data sources

* refactor

docs/build/Dockerfile

@@ -1,4 +1,4 @@
-FROM squidfunk/mkdocs-material
+FROM squidfunk/mkdocs-material:7.0.6
 
 ## If you want to see exactly the same version as is published to GitHub pages
 ## use a private image for insiders, which requires authentication.

docs/vuln-detection/data-source.md

@@ -1,23 +1,43 @@
-# Data Sources
+# OS
 
-- PHP
-    - https://github.com/FriendsOfPHP/security-advisories
-    - https://github.com/advisories?query=ecosystem%3Acomposer
-- Python
-    - https://github.com/pyupio/safety-db
-    - https://github.com/advisories?query=ecosystem%3Apip
-- Ruby
-    - https://github.com/rubysec/ruby-advisory-db
-    - https://github.com/advisories?query=ecosystem%3Arubygems
-- Node.js
-    - https://github.com/nodejs/security-wg
-    - https://github.com/advisories?query=ecosystem%3Anpm
-- Rust
-    - https://github.com/RustSec/advisory-db
-- .NET
-    - https://github.com/advisories?query=ecosystem%3Anuget
-- Java
-    - https://github.com/advisories?query=ecosystem%3Amaven
-    - https://gitlab.com/gitlab-org/advisories-community
-- Go
-    - https://gitlab.com/gitlab-org/advisories-community
+| OS             | Source                                                                              |
+| ---------------| ------------------------------------------------------------------------------------|
+| Arch Linux     | [Vulnerable Issues](https://security.archlinux.org/)                                |
+| Alpine Linux   | [secdb](https://secdb.alpinelinux.org/)                                             |
+| Amazon Linux 1 | [Amazon Linux Security Center](https://alas.aws.amazon.com/)                        |
+| Amazon Linux 2 | [Amazon Linux Security Center](https://alas.aws.amazon.com/alas2.html)              |
+| Debian         | [Security Bug Tracker](https://security-tracker.debian.org/tracker/)                |
+|                | [OVAL](https://www.debian.org/security/oval/)                                       |
+| Ubuntu         | [Ubuntu CVE Tracker](https://ubuntu.com/security/cve)                               |
+| RHEL/CentOS    | [OVAL](https://www.redhat.com/security/data/oval/v2/)                               |
+|                | [Security Data](https://www.redhat.com/security/data/metrics/)                      |
+| Oracle Linux   | [OVAL](https://linux.oracle.com/security/oval/)                                     |
+| OpenSUSE/SLES	 | [CVRF](http://ftp.suse.com/pub/projects/security/cvrf/)                             |
+| Photon OS      | [Photon Security Advisory](https://packages.vmware.com/photon/photon_cve_metadata/) |
+
+# Programming Language
+
+| Language                     | Source                                                                                           | Commercial Use  | Delay *1 |
+| ---------------------------- | ------------------------------------------------------------------------------------------------ |:---------------:|:--------:|
+| PHP                          | [PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories)          | ✅              | -        |
+|                              | [GitHub Advisory Database (Composer)](https://github.com/advisories?query=ecosystem%3Acomposer)  | ✅              | -        |
+| Python                       | [Safety DB](https://github.com/pyupio/safety-db)                                                 | ❌              | 1 month  |
+|                              | [GitHub Advisory Database (pip)](https://github.com/advisories?query=ecosystem%3Apip)            | ✅              | -        |
+| Ruby                         | [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db)                            | ❌ (partially)  | -        |
+|                              | [GitHub Advisory Database (RubyGems)](https://github.com/advisories?query=ecosystem%3Arubygems)  | ✅              | -        |
+| Node.js                      | [Ecosystem Security Working Group](https://github.com/nodejs/security-wg)                        | ✅              | -        |
+|                              | [GitHub Advisory Database (npm)](https://github.com/advisories?query=ecosystem%3Anpm)            | ✅              | -        |
+| Java                         | [GitLab Advisories Community](https://gitlab.com/gitlab-org/advisories-community)                | ✅              | 1 month  |
+|                              | [GitHub Advisory Database (Maven)](https://github.com/advisories?query=ecosystem%3Amaven)        | ✅              | -        |
+| Go                           | [GitLab Advisories Community](https://gitlab.com/gitlab-org/advisories-community)                | ✅              | 1 month  |
+|                              | [The Go Vulnerability Database](https://github.com/golang/vulndb)                                | ✅              | -        |
+| Rust                         | [RustSec Advisory Database](https://github.com/advisories?query=ecosystem%3Anuget)               | ✅              | -        |
+| .NET                         | [GitHub Advisory Database (NuGet)](https://github.com/RustSec/advisory-db)                       | ✅              | -        |
+
+*1: Intentional delay between vulnerability disclosure and registration in the DB
+
+# Others
+
+| Name                            | Source                                                  |  
+| --------------------------------|---------------------------------------------------------|
+| National Vulnerability Database | [NVD](https://nvd.nist.gov/)                            |