Currently, Clair v4 does not have the capability to show severity information for Debian packages because Debian OVAL database does not contain this information. Previous Clair v2 had this capability because it used the Debian CVE database, distributed in JSON format, which contains this information. The information about security severity is of vital importance for most of our clients, especially those that use Debian images extensively. Screenshot is attached.
- duplicates
-
PROJQUAY-1724 Clair v4 uses NVD data to complement missing severity
-
- Closed
-
- is related to
-
PROJQUAY-2804 Debian data improvement
-
- Closed
-
