# External Vulnerability Databases Used in Our SCA Engine ### Vulnerability sources we integrate intelligence from To deliver accurate, early, and actionable insights, our SCA engine aggregates data from trusted upstream databases — plus our own zero-delay intelligence feed. #### We pull from: * **Aikido Intel** *(*[*intel.aikido.dev*](https://intel.aikido.dev)*)*\ Your earliest warning for supply chain threats. Detects malware and vulnerabilities in open-source ecosystems within minutes — often before public disclosure. * **NVD (National Vulnerability Database)**\ Authoritative CVE registry with standardized severity scoring. * **GitHub Advisory Database**\ Open-source advisories curated by GitHub and its security researchers. * **Ubuntu Security Notices (USN)**\ Official CVE updates and patch data from the Ubuntu ecosystem. * **Debian Security Bug Tracker**\ Maintainer-driven CVE disclosures and package risk tracking. * **Alpine Linux Security Database**\ Tailored vulnerability feed for Alpine and musl-based environments. * **Amazon Linux Security Center (AWS)**\ CVE advisories and fix information for Amazon Linux distributions. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.aikido.dev/code-scanning/scanning-practices/external-vulnerability-databases-used-in-our-sca-engine.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.