-
Task
-
Resolution: Unresolved
-
Critical
-
None
-
claircore-1.5.48
-
None
-
False
-
-
False
-
-
We need to end to end test the RHCC matching logic for Hummingbird images to check the whole pipeline works as expected.
Things to be aware of:
- Basic labels.json file processing is working
- VEX updater parsing Hummingbird OCI advisories correctly
- False-positive mitigation is working (rpm provenance information being surfaced correctly).
- TBD: the from_dnf_hint could be used to match RPMs but:
- The repository in the content set would need to be in the repository_to_cpe map
- The VEX advisories need to correctly surface that repository CPE.
- is related to
-
CLAIRDEV-233 Test new Red Hat VEX documents with claircore
-
- To Do
-
-
ROX-32564 Vulnerability Scanning Support for Hummingbird Images
-
- To Do
-