Clair / CLAIRDEV-43

Saving References of Vulnerabilities


Details

    • Task
    • Resolution: Unresolved
    • Normal
    • matcher

    Description

      At the moment, in the enrichment process we use weak links to look up the CVEs associated with a vulnerability, which involve searching the name and description for “CVE-*” like strings. This data is typically explicitly referenced in the OVAL DB (and is usually strongly linked in the other data sources Clair uses), so Clair should be able to represent this relationship in a more concrete way. This reference data doesn’t only contain CVE-type references but also vendor-specific advisories (RHSAs in the case of Red Hat), and in the future we could be seeing GitHub security advisories. All this information would be useful.

      Discussion on GH is here: https://github.com/quay/claircore/discussions/656
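
The contrast described above, as an added example that is not claircore code: the string search over title and description picks up a CVE that is only mentioned in passing and misses the real one, while the OVAL `reference` elements (attributes `source`, `ref_id`, `ref_url`) give typed links, including the RHSA. The `Reference` type, the function names and the sample definition with its placeholder IDs are assumptions made for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"regexp"
)

// Reference is a hypothetical typed link from a vulnerability to an external ID.
type Reference struct {
	Source string `xml:"source,attr"` // e.g. "CVE", "RHSA"
	ID     string `xml:"ref_id,attr"`
	URL    string `xml:"ref_url,attr"`
}

type definition struct {
	Title       string      `xml:"metadata>title"`
	Description string      `xml:"metadata>description"`
	References  []Reference `xml:"metadata>reference"`
}

// Constructed OVAL-style definition; all IDs and URLs are placeholders.
const sampleOVAL = `<definition id="oval:example:def:1" class="patch">
 <metadata>
  <title>RHSA-0000:0001: examplepkg security update</title>
  <description>Fixes a flaw in examplepkg. Distinct from CVE-0000-0002, which does not affect this package.</description>
  <reference source="RHSA" ref_id="RHSA-0000:0001" ref_url="https://example.invalid/RHSA-0000:0001"/>
  <reference source="CVE" ref_id="CVE-0000-0001" ref_url="https://example.invalid/CVE-0000-0001"/>
 </metadata>
</definition>`

var cveRE = regexp.MustCompile(`CVE-\d{4}-\d{4,}`)

// WeakCVEs is the weak link: any CVE-like string in the name or description.
func WeakCVEs(name, desc string) []string {
	return cveRE.FindAllString(name+" "+desc, -1)
}

// ParseRefs returns the explicit references and, for comparison, the weak matches.
func ParseRefs(doc string) ([]Reference, []string, error) {
	var d definition
	if err := xml.Unmarshal([]byte(doc), &d); err != nil {
		return nil, nil, err
	}
	return d.References, WeakCVEs(d.Title, d.Description), nil
}

func main() {
	fmt.Println(ParseRefs(sampleOVAL))
}
```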

            People

              Unassigned
              jcroslan@redhat.com Joseph Crosland
