Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Minor
Fix Version/s: None
Affects Version/s: None
Component/s: indexer
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Similar to https://issues.redhat.com/browse/CLAIRDEV-10, APKs may install language package like Go and Node.js, too.

Chainguard specifically calls this out in its scanner implementation guide (https://github.com/chainguard-dev/vulnerability-scanner-support/blob/main/docs/scanning_implementation.md#discovering-non-distro-packages-for-vulnerability-matching), so we should be sure to account for this so we may add Chainguard and Wolfi support

is related to

CLAIRDEV-10 Non-RPM content "false positives"

Closed

relates to

ROX-28357 [Claircore] Eliminate language false-positives due to installed APKs

New

Assignee:: Unassigned

Reporter:: Ross Tannenbaum

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/03/05 1:40 AM

Updated:: 2025/07/10 8:44 PM