Major Description:
This is an issue found when use Clair to scan image vulnerability of RHEL9 image, like "registry.access.redhat.com/ubi9:latest", as there's no CVE data of RHEL9, so Clair report the scan results as passed, this is not correct results, the expected results should be like "not-supported" or "unable to scan", pls review this issue and improve this point.
Clair Version: V4.4.4
{"level":"info","component":"main","version":"v4.4.4","time":"2022-07-13T05:55:24Z","message":"starting"}The following is the list of Clair Dist:
postgres=# select * from dist;
id | name | did | version | version_code_name | version_id | arch |
cpe | pretty_name
----+---------------------------------+--------+-------------------------+-------------------+------------+------+--------------
-------------------------------------+-----------------------------------
1 | Oracle Linux Server | ol | 8 | Oracle Linux 8 | 8 | |
| Oracle Linux Server 8
2 | Red Hat Enterprise Linux Server | rhel | 8 | | 8 | | cpe:2.3:o:red
hat:enterprise_linux:8:*:*:*:*:*:*:* | Red Hat Enterprise Linux Server 8
4 | Ubuntu | ubuntu | 20.04 LTS (Focal Fossa) | focal | 20.04 | |
| Ubuntu 20.04 LTS
5 | SLES | sles | 15 | | 15 | |
| SUSE Linux Enterprise Server 15
6 | Red Hat Enterprise Linux Server | rhel | 7 | | 7 | | cpe:2.3:o:red
hat:enterprise_linux:7:*:*:*:*:*:*:* | Red Hat Enterprise Linux Server 7
7 | Debian GNU/Linux | debian | 10 (buster) | buster | 10 | |
| Debian GNU/Linux 10 (buster)
8 | Amazon Linux | amzn | 2 | | 2 | | cpe:2.3:o:ama
zon:amazon_linux:2:*:*:*:*:*:*:* | Amazon Linux 2
9 | Alpine Linux | alpine | 3.13 | | | |
| Alpine Linux v3.13
(8 rows)
Clair Scan RHEL9 UBI image:
