Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-5311

Prefer CVE over other Identifiers for OSV data

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • None
    • clair
    • False
    • None
    • False
    • 0

      There is already a discussion on GitHub about it, but I wanted to make it a formal PROJQUAY ticket, too, for tracking purposes.

      This can be really crucial for things like Log4Shell. For example, when someone wants to know if they are affected by CVE-2022-44228, they will be looking for CVE-2022-44228 instead of GHSA-jfh8-c2jp-5v3q.

      OSV does tend to have aliases, which can prove to be useful. However, there are examples where this can get a bit messy. See the GitHub discussion for more information.

            Unassigned Unassigned
            rtannenb@redhat.com Ross Tannenbaum
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: