Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2474

Image vulnerability in squashed image can't be scanned by Clair V4.2.2

XMLWordPrintable

    • False
    • False

      Description:

      This is an issue found when use Clair V4.2.2(Deployed by Quay 3.6.0 Operator) to scan image vulnerability in squashed image, after pushed image to quay, found Clair V4.2.2 can't scan and report the known vulnerability(https://security-tracker.debian.org/tracker/CVE-2019-6111)

      Dockerfile:

      FROM debian:stretch-slim as base
      
      RUN echo 'deb http://snapshot.debian.org/archive/debian/20170625T040030Z stretch-proposed-updates main' >> /etc/apt/sources.list && \
        apt-get -o Acquire::Check-Valid-Until=false update && \
        apt-get install openssh-client=1:7.4p1-10+deb9u1 -y
      
      FROM scratch
      COPY --from=base / /
      

      Clair Version:

      oc logs demo1-clair-app-5cfdb7d888-v4h8z
      {"level":"info","component":"main","version":"v4.2.2","time":"2021-09-01T07:32:15Z","message":"starting"}
      {"level":"info","component":"main","version":"v4.2.2","time":"2021-09-01T07:32:15Z","message":"ready"}
      {"level":"info","component":"main","time":"2021-09-01T07:32:15Z","message":"launching http transport"}
      {"level":"info","component":"main","time":"2021-09-01T07:32:15Z","message":"launching introspection server"}
      {"level":"info","component":"initialize/Services","time":"2021-09-01T07:32:15Z","message":"begin service initialization"}
      {"level":"info","component":"introspection/New","address":":8089","time":"2021-09-01T07:32:15Z","message":"no introspection address provided; using default"}
      
      Image vulnerability can't scanned

              jcroslan@redhat.com Joseph Crosland
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: