  1. Project Quay
  2. PROJQUAY-1817

Discard unfixed and unaffected vulnerabilities in Red Hat OVAL v2 feed


    • Feature
    • Resolution: Done
    • Major
    • clair-4.1.0, quay-v3.5.2
    • clair
    • BU Product Work

      Red Hat Product Security team is planning to release a new format of OVAL v2 data, where unfixed and unaffected vulnerabilities will include an <affected_cpe_list> section. This will make libvuln process such entries. At this point, we want to discard both kinds of entries as soon as we encounter them.

      • Unaffected vulnerabilities will be discarded even in the future, as from the point of view of security scanning they offer no value
      • Unfixed vulnerabilities will be processed in a future patch
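
A sketch of the discard step described above, as an added example that is not Clair's or libvuln's own code. It assumes (this issue does not say so) that the definition ID namespace marks unfixed entries as `cve` and unaffected entries as `unaffected`; `FilterDefinitions`, the ID pattern and the sample XML are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"regexp"
)

// Constructed sample, not real Red Hat data. Every entry carries an
// <affected_cpe_list>, so only the definition ID tells them apart (assumed).
const sampleFeed = `<oval_definitions><definitions>
<definition id="oval:com.redhat.rhsa:def:1"><metadata><advisory><affected_cpe_list>
 <cpe>cpe:/o:redhat:enterprise_linux:8</cpe></affected_cpe_list></advisory></metadata></definition>
<definition id="oval:com.redhat.cve:def:2"><metadata><advisory><affected_cpe_list>
 <cpe>cpe:/o:redhat:enterprise_linux:8</cpe></affected_cpe_list></advisory></metadata></definition>
<definition id="oval:com.redhat.unaffected:def:3"><metadata><advisory><affected_cpe_list>
 <cpe>cpe:/o:redhat:enterprise_linux:8</cpe></affected_cpe_list></advisory></metadata></definition>
</definitions></oval_definitions>`

type feed struct {
	Defs []struct {
		ID string `xml:"id,attr"`
	} `xml:"definitions>definition"`
}

// Assumed ID layout: oval:com.redhat.<kind>:def:<number>.
var idPattern = regexp.MustCompile(`^oval:com\.redhat\.([a-z]+):def:\d+$`)

// FilterDefinitions returns the IDs to process and the IDs discarded on sight.
func FilterDefinitions(doc string) (kept, dropped []string, err error) {
	var f feed
	if err = xml.Unmarshal([]byte(doc), &f); err != nil {
		return nil, nil, err
	}
	for _, d := range f.Defs {
		m := idPattern.FindStringSubmatch(d.ID)
		// "cve" = unfixed, "unaffected" = unaffected (assumed kinds).
		if m != nil && (m[1] == "cve" || m[1] == "unaffected") {
			dropped = append(dropped, d.ID)
			continue
		}
		kept = append(kept, d.ID) // unrecognised IDs are kept, not silently lost
	}
	return kept, dropped, nil
}

func main() {
	kept, dropped, err := FilterDefinitions(sampleFeed)
	fmt.Println(kept, dropped, err)
}
```

Filtering before any further processing keeps discarded entries out of the vulnerability store, and counting the dropped IDs per feed gives a cheap check that the filter is not removing fixed advisories.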


              jzmeskal@redhat.com Jan Zmeskal (Inactive)
              Dongbo Yan