Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2111

Clair v4 does support Photon OS but the document is not mentioned.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • None
    • documentation
    • False
    • False
    • Quay Enterprise
    • Undefined

      According the section 6.1 in the document Quay v3.5[1], Photon OS is not included in vulnerability databases as follows:
       

      Clair uses the following vulnerability databases to scan for issues in your images: 
 Alpine SecDB database
 AWS UpdateInfo
 Debian Oval database 
 Oracle Oval database
 RHEL Oval database
 SUSE Oval database
 Ubuntu Oval database
 Pyup.io (python) database  

       
      However, there is the photon os updater URL at the section 6.7[2].
       

       https://packages.vmware.com/photon/photon_oval_definitions/   

       
      Ivan Bazulic and I tested if Clair v4 can find some vulnerabilities on a Photon OS and then, found vulnerabilities which has no severity.
       
      So, the list of vulnerability database should have photon OS database at Section 6.1.
       
      [1]: https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/manage_red_hat_quay/clair-v4#what_is_clair [2]: https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/manage_red_hat_quay/clair-v4#clair_updater_urls
       
       

        1. firefox_viH6tMMLtT-1.png
          firefox_viH6tMMLtT-1.png
          48 kB

              rhn-support-stevsmit Steven Smith
              hkaneko@redhat.com Hiroyuki Kaneko
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: