Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-3199

As a user of Quay 3.7, my Clair scanning results should only contain CRDA results if I have explicitly enabled them.

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Major
    • None
    • None
    • clair
    • 3
    • False
    • None
    • False
    • 0

    Description

      With Quay 3.6 the Clair scan results implicitly include CRDA data for Java packages. Thes scan results are unreliable as the CRDA endpoint may potentially rate limit Clair's request for vulnerability data. This causes the Java scan results to appear and sometimes disappear when scanning the same image.

      The proper long-term solution here is the Clair plug-in system in development however it's not clear this will be delivered in time for Quay 3.7.

      For Quay 3.7, the use of CRDA in Clair should be made explicit and opt-in for users. We should no longer ship with a default shared key, and enabling the use of CRDA for scan results should be something customers are required to consciously enable in Clair's configuration.

      This should also include them acquiring their own key from CRDA.

      Our documentation should be clear on how to enable this, and how this is different from 3.6. This does not change the designation of our Java scan results as Tech Preview (we should consider them GA once the proper plug-in mechanism is in place).

      Attachments

        Issue Links

          is related to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. CLAIRDEV-56 Clair should be runtime extensible

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Refinement

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. PROJQUAY-3115 Document Java scanning in Quay 3.6.3 as Tech Preview

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. PROJQUAY-3200 Change CRDA defaults

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. PROJQUAY-3201 Document how to enable CRDA in Red Hat Quay

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. PROJQUAY-3350 Quay 3.7.0 to include Clair 4.4.z

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              hdonnay Henry Donnay
              bdettelb@redhat.com Bill Dettelback
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: