diff --git a/config.yaml.sample b/config.yaml.sample
index 23e85fed..ca32fe47 100644
--- a/config.yaml.sample
+++ b/config.yaml.sample
@@ -68,6 +68,7 @@ clair:
     # Frequency the database will be updated with vulnerabilities from the default data sources
     # The value 0 disables the updater entirely.
     interval: 2h
+
     enabledupdaters: 
       - debian
       - ubuntu
@@ -75,6 +76,14 @@ clair:
       - oracle
       - alpine
 
+    # Vulnerability data sources
+    sourceurls:
+      alpine: "https://git.alpinelinux.org/cgit/alpine-secdb"
+      debian: "https://security-tracker.debian.org/tracker/data/json"
+      oracle: "https://linux.oracle.com/oval/"
+      rhel:   "https://www.redhat.com/security/data/oval/"
+      ubuntu: "https://launchpad.net/ubuntu-cve-tracker"
+
   notifier:
     # Number of attempts before the notification is marked as failed to be sent
     attempts: 3