Clair / CLAIRDEV-34

Show all Vulnerability aliases

Details

    • Task
    • Resolution: Unresolved
    • Major
    • None
    • None
    • matcher
    • False
    • False

    Description

      OSV data does not always use CVE as the top-level name for a vulnerability. Instead, many times GHSA is used. This may be misleading to people who want to search for vulnerabilities by CVE, which is more widely used than GHSA.

      Take https://osv.dev/vulnerability/GHSA-jfh8-c2jp-5v3q for example. Clair will read this critical vulnerability as GHSA-jfh8-c2jp-5v3q, which many people may not know is equivalent to CVE-2021-44228. When this vulnerability came out, many ACS customers wanted to know if they were affected by CVE-2021-44228, so if they were to search for that vulnerability in Clair, they may not find it, as it is tracked as a GHSA instead.

      The objective is to output all aliases for a vulnerability so people may be able to search for any name for the vulnerability.
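
As an added illustration of the objective above (not Clair's code and not part of the original issue), this Go example indexes OSV records under both their `id` and every entry in `aliases`, so a search for CVE-2021-44228 returns GHSA-jfh8-c2jp-5v3q. The type and function names are hypothetical, and the `EXAMPLE-` and `CVE-0000-` records are constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// osvRecord keeps the two OSV schema fields that name a vulnerability.
type osvRecord struct {
	ID      string   `json:"id"`
	Aliases []string `json:"aliases"`
}
// aliasIndex (hypothetical type) maps a normalized name to the primary IDs that carry it.
type aliasIndex map[string][]string

func norm(s string) string { return strings.ToUpper(strings.TrimSpace(s)) }

// buildIndex files every record under its primary ID and under each alias.
func buildIndex(docs []string) (aliasIndex, error) {
	idx := aliasIndex{}
	for _, doc := range docs {
		var r osvRecord
		if err := json.Unmarshal([]byte(doc), &r); err != nil || r.ID == "" {
			return nil, fmt.Errorf("unusable OSV record %q (parse error: %v)", doc, err)
		}
		seen := map[string]bool{} // an alias repeated within one record counts once
		for _, name := range append([]string{r.ID}, r.Aliases...) {
			if k := norm(name); k != "" && !seen[k] {
				seen[k] = true
				idx[k] = append(idx[k], r.ID)
			}
		}
	}
	return idx, nil
}

// lookup answers a search by any name, CVE or GHSA alike (case-insensitive).
func (idx aliasIndex) lookup(name string) []string { return idx[norm(name)] }

// sample is constructed: only the first ID/alias pair comes from the issue text.
var sample = []string{
	`{"id":"GHSA-jfh8-c2jp-5v3q","aliases":["CVE-2021-44228"]}`,
	`{"id":"EXAMPLE-0001","aliases":["CVE-0000-00001"]}`,
	`{"id":"EXAMPLE-0002","aliases":["CVE-0000-00001","cve-0000-00001"]}`,
}

func main() {
	idx, err := buildIndex(sample)
	fmt.Println(idx.lookup("cve-2021-44228"), idx.lookup("CVE-0000-00001"), err)
}
```

The index returns a slice because more than one primary ID can carry the same CVE alias, as the two constructed `EXAMPLE-` records show.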


            People

              Unassigned
              rtannenb@redhat.com Ross Tannenbaum