Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: clair-4.4.0
Affects Version/s: None
Component/s: clair
Labels:
- triaged

Blocked:
False
Ready:
False
Git Pull Request:
https://github.com/quay/claircore/pull/550
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

The Debian OVAL feed lists vulnerabilities with a package name, however, the package name is always the source package (ie. openssh) whereas when we index a layer, we find the binary packages (i.e. openssh-client).

At ingest time, we need to build a relationship between source and binary packages.

blocks

PROJQUAY-2473 Image vulnerability in non-base layers can't be scanned by Clair V4.2.2

Closed

is related to

PROJQUAY-2771 Problems with detecting vulnerabilities when using Clair v4

Closed

Assignee:: Joseph Crosland

Reporter:: Joseph Crosland

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2021/10/06 9:16 PM

Updated:: 2022/06/02 5:53 PM

Resolved:: 2022/02/10 11:00 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates