# External Vulnerability Databases Used in Our SCA Engine

### Vulnerability sources we integrate intelligence from

To deliver accurate, early, and actionable insights, our SCA engine aggregates data from trusted upstream databases — plus our own zero-delay intelligence feed.

#### We pull from:

* **Aikido Intel** *(*[*intel.aikido.dev*](https://intel.aikido.dev)*)*\
  Your earliest warning for supply chain threats. Detects malware and vulnerabilities in open-source ecosystems within minutes — often before public disclosure.
* **NVD (National Vulnerability Database)**\
  Authoritative CVE registry with standardized severity scoring.
* **GitHub Advisory Database**\
  Open-source advisories curated by GitHub and its security researchers.
* **Ubuntu Security Notices (USN)**\
  Official CVE updates and patch data from the Ubuntu ecosystem.
* **Debian Security Bug Tracker**\
  Maintainer-driven CVE disclosures and package risk tracking.
* **Alpine Linux Security Database**\
  Tailored vulnerability feed for Alpine and musl-based environments.
* **Amazon Linux Security Center (AWS)**\
  CVE advisories and fix information for Amazon Linux distributions.