Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2649

Clair v4 debian matching source/binary packages

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • clair-4.4.0
    • None
    • clair
    • 0

    Description

      The Debian OVAL feed lists vulnerabilities with a package name, however, the package name is always the source package (ie. openssh) whereas when we index a layer, we find the binary packages (i.e. openssh-client).

      At ingest time, we need to build a relationship between source and binary packages.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. PROJQUAY-2473 Image vulnerability in non-base layers can't be scanned by Clair V4.2.2

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. PROJQUAY-2771 Problems with detecting vulnerabilities when using Clair v4

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              jcroslan@redhat.com Joseph Crosland
              jcroslan@redhat.com Joseph Crosland
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: