Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2111

Clair v4 does support Photon OS but the document is not mentioned.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • documentation
    • False
    • False
    • Quay Enterprise
    • Undefined
    • 0

    Description

      According the section 6.1 in the document Quay v3.5[1], Photon OS is not included in vulnerability databases as follows:
       

      Clair uses the following vulnerability databases to scan for issues in your images: 
 Alpine SecDB database
 AWS UpdateInfo
 Debian Oval database 
 Oracle Oval database
 RHEL Oval database
 SUSE Oval database
 Ubuntu Oval database
 Pyup.io (python) database  

       
      However, there is the photon os updater URL at the section 6.7[2].
       

       https://packages.vmware.com/photon/photon_oval_definitions/   

       
      Ivan Bazulic and I tested if Clair v4 can find some vulnerabilities on a Photon OS and then, found vulnerabilities which has no severity.
       
      So, the list of vulnerability database should have photon OS database at Section 6.1.
       
      [1]: https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/manage_red_hat_quay/clair-v4#what_is_clair [2]: https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/manage_red_hat_quay/clair-v4#clair_updater_urls
       
       

      Attachments

        Activity

          People

            rhn-support-stevsmit Steven Smith
            hkaneko@redhat.com Hiroyuki Kaneko
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: