Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Canonical
on 11 June 2024

Ubuntu Security Notices now available in OSV format


Canonical is now issuing Ubuntu Security Notices (USNs) in the open source OSV format. Using the information provided, developers can identify known third-party, open source dependency vulnerabilities that pose a genuine risk to their application and its environment. This collaboration between Canonical and OSV aims to simplify vulnerability management and further enhance security for Ubuntu users.

“Making sure that Ubuntu Security Notices are actionable and available to 3rd party tools is a key goal for our security engineering team”, said Lech Sandecki, Product Manager at Canonical,  “By collaborating with OSV, we will provide accurate and actionable information about open source software vulnerabilities and fixes available for thousands of open source applications and dependencies maintained by our team”.

This integration is a testament to the ongoing collaboration happening within the OpenSSF Vulnerability Disclosures Working Group. Participation in this working group, facilitates contributions to the OSV project, and enhances the overall security posture of the open source community. 

OSV (Open Source Vulnerability) seeks to reduce the complexities of vulnerability management by providing an open, precise, and distributed approach to producing and consuming vulnerability information for open source. By adopting OSV, Canonical helps expand the comprehensiveness of vulnerability data available in this format, making the combined data set more valuable to open source users for broad open source software vulnerability management. This data unlocks future scanning capabilities in Ubuntu containers.

OSV is not only a format for describing vulnerabilities but also a set of tools and integration opportunities that can consume such information. Tools like OSV-Scanner  provide assessment and remediation guidelines to  users as well . The Ubuntu Security team packaged OSV-Scanner as a snap so users can make use of the tool on Ubuntu as well.   

“With the move towards containerisation, it is important to enable accurate vulnerability scanning of container images using Ubuntu. Having USNs available in OSV.dev unlocks OSV-Scanner to scan Ubuntu-based container images for known vulnerabilities. We look forward to working further on extending OSV-Scanner’s capabilities scanning Ubuntu-based container images in the future” said Oliver Chang from the OSV team.

With this data available, OSV-Scanner will soon be able to provide an automated remediation path for vulnerabilities in Ubuntu containers by pointing to a publicly available fix or a fix available in Ubuntu Pro.

Learn more about:

Related posts


Gabriel Aguiar Noury
21 November 2024

EdgeIQ and Ubuntu Core; bringing security and scalability to device management 

Internet of Things Article

Today, EdgeIQ and Canonical announced the release of the EdgeIQ Coda snap and official support of Ubuntu Core on the EdgeIQ Symphony platform. EdgeIQ Symphony helps you simplify and scale workflows for device fleet operations, data consumption and delivery, and application orchestration. Distributing EdgeIQ Coda as a snap brings the power ...


Ishani Ghoshal
21 November 2024

Ubuntu 20.04 LTS end of life: standard support is coming to an end. Here’s how to prepare. 

Ubuntu Article

In 2025, Ubuntu 20.04 LTS (Focal Fossa) will reach the end of its standard five-year support window. It’s time to start thinking about your options for upgrading. What is an Ubuntu long-term support (LTS) release?  Ubuntu long-term support releases (LTS) are released every 2 years by Canonical. Canonical provides patching and maintenance ...


Felipe Vanni
20 November 2024

Join Canonical in London at Dell Technologies Forum

AI Storage

Canonical is excited to be partnering with Dell Technologies at the upcoming Dell Technologies Forum – London, taking place on 26th November. This prestigious event brings together industry leaders and technology enthusiasts to explore the latest advancements and solutions shaping the digital landscape. Register to Dell Technologies Forum ...