Details
-
Bug
-
Resolution: Done
-
Critical
-
quay-v3.6.0
-
False
-
False
-
0
Description
Description:
This is an issue found when use Clair V4.2.2(Deployed by Quay 3.6.0 Operator) to scan image vulnerability in squashed image, after pushed image to quay, found Clair V4.2.2 can't scan and report the known vulnerability(https://security-tracker.debian.org/tracker/CVE-2019-6111)
Dockerfile:
FROM debian:stretch-slim as base RUN echo 'deb http://snapshot.debian.org/archive/debian/20170625T040030Z stretch-proposed-updates main' >> /etc/apt/sources.list && \ apt-get -o Acquire::Check-Valid-Until=false update && \ apt-get install openssh-client=1:7.4p1-10+deb9u1 -y FROM scratch COPY --from=base / /
Clair Version:
oc logs demo1-clair-app-5cfdb7d888-v4h8z
{"level":"info","component":"main","version":"v4.2.2","time":"2021-09-01T07:32:15Z","message":"starting"}
{"level":"info","component":"main","version":"v4.2.2","time":"2021-09-01T07:32:15Z","message":"ready"}
{"level":"info","component":"main","time":"2021-09-01T07:32:15Z","message":"launching http transport"}
{"level":"info","component":"main","time":"2021-09-01T07:32:15Z","message":"launching introspection server"}
{"level":"info","component":"initialize/Services","time":"2021-09-01T07:32:15Z","message":"begin service initialization"}
{"level":"info","component":"introspection/New","address":":8089","time":"2021-09-01T07:32:15Z","message":"no introspection address provided; using default"}
Image vulnerability can't scanned
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
