Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2474

Image vulnerability in squashed image can't be scanned by Clair V4.2.2

XMLWordPrintable

    • False
    • False
    • 0

      Description:

      This is an issue found when use Clair V4.2.2(Deployed by Quay 3.6.0 Operator) to scan image vulnerability in squashed image, after pushed image to quay, found Clair V4.2.2 can't scan and report the known vulnerability(https://security-tracker.debian.org/tracker/CVE-2019-6111)

      Dockerfile:

      FROM debian:stretch-slim as base

RUN echo 'deb http://snapshot.debian.org/archive/debian/20170625T040030Z stretch-proposed-updates main' >> /etc/apt/sources.list && \
  apt-get -o Acquire::Check-Valid-Until=false update && \
  apt-get install openssh-client=1:7.4p1-10+deb9u1 -y

FROM scratch
COPY --from=base / /

      Clair Version:

      oc logs demo1-clair-app-5cfdb7d888-v4h8z
{"level":"info","component":"main","version":"v4.2.2","time":"2021-09-01T07:32:15Z","message":"starting"}
{"level":"info","component":"main","version":"v4.2.2","time":"2021-09-01T07:32:15Z","message":"ready"}
{"level":"info","component":"main","time":"2021-09-01T07:32:15Z","message":"launching http transport"}
{"level":"info","component":"main","time":"2021-09-01T07:32:15Z","message":"launching introspection server"}
{"level":"info","component":"initialize/Services","time":"2021-09-01T07:32:15Z","message":"begin service initialization"}
{"level":"info","component":"introspection/New","address":":8089","time":"2021-09-01T07:32:15Z","message":"no introspection address provided; using default"}
      Image vulnerability can't scanned

        1. image-2021-09-01-16-14-17-846.png
          image-2021-09-01-16-14-17-846.png
          267 kB

            jcroslan@redhat.com Joseph Crosland
            lzha1981 luffy zhang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: