Uploaded image for project: 'Clair'
  1. Clair
  2. CLAIRDEV-216

claircore: java: can repository information be discovered?

XMLWordPrintable

    • Icon: Outcome Outcome
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • indexer
    • None
    • False
    • Hide

      None

      Show
      None

      Inspired by another discussion, it seems like we may not have a way to discover the repository a java package is installed from.

      We currently assume everything is installed from Maven central, which is not correct but good enough if we're only considering public/OSV data. If Red Hat starts producing VEX data for Java packages, we'll need to be able to identify which packages come from a Red Hat repository.

              Unassigned Unassigned
              hdonnay Henry Donnay
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: