  1. Project Quay
  2. PROJQUAY-1817

Discard unfixed and unaffected vulnerabilities in Red Hat OVAL v2 feed

Details

    • Feature
    • Resolution: Done
    • Major
    • clair-4.1.0, quay-v3.5.2
    • clair

    Description

      Red Hat Product Security team is planning to release a new format of OVAL v2 data, where unfixed and unaffected vulnerabilities will include an <affected_cpe_list> section. This will make libvuln process such entries. At this point, we want to discard both kinds of entries as soon as we encounter them.

      • Unaffected vulnerabilities will be discarded even in the future, as from the point of view of security scanning they offer no value
      • Unfixed vulnerabilities will be processed in a future patch

      Attachments

        1. clair352.png (153 kB)
        2. clair351.png (164 kB)

          People

            jzmeskal@redhat.com Jan Zmeskal (Inactive)
            Dongbo Yan