Loading...

XML

Word

Printable

Type: Spike
Resolution: Done
Priority: Undefined
Fix Version/s: clair-4.7.3
Affects Version/s: None
Component/s: clair
Labels:
- triaged

Blocked:
False
Blocked Reason:
None
Ready:
False
Git Pull Request:
https://github.com/quay/claircore/pull/626

RICE Score:
0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

TL;DR: Currently if a vulnerability doesn't have an associated RHSA we don't ingest it.

After looking through the code it appears that we're not ingesting any oval:com.redhat.cve:def:. definition ids (i.e most likely vulnerabilities that don't have an associated RHSA because they're not patched). I believe there is a historical reason why including these vulns can affect the Container Health Index analysis.
We should get to the bottom of what the container catalog team needs and how we can accommodate both.

Associated PR:
https://github.com/quay/claircore/pull/626

Assignee:: Unassigned

Reporter:: Joseph Crosland

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2022/06/03 6:33 PM

Updated:: 2024/01/24 4:09 PM

Resolved:: 2024/01/24 4:09 PM

Details

Description

Attachments

Activity

People

Dates

Hide