Description:
This is an issue found in Quay 3.10.3 with the managed Clair component. After pushing Alpine Edge to Quay, Quay cannot show the image vulnerabilities of this target image. Please review this issue.
Quay: 3.10.3
Clair: 4.7.2
Test image: docker.io/alpine:edge
Quay 3.10.3 can't scan and report all image vulnerabilities of alpine edge:
The following are the image vulnerabilities of the alpine edge:
grype alpine:edge --scope all-layers
✔ Vulnerability DB [updated]
✔ Loaded image alpine:edge
✔ Parsed image sha256:bd566e108cb919599f783a135ab95dbbc31f9480d31d39ef3935cabbb9edff6f
✔ Cataloged contents 2465fdde57d55cc4a90243f26c9dc05e7f9f08b23f7d05c9e2e7baa4870178c7
├── ✔ Packages [15 packages]
├── ✔ File digests [80 files]
└── ✔ File metadata [80 locations]
✔ Scanned for vulnerabilities [16 vulnerability matches]
├── by severity: 0 critical, 0 high, 14 medium, 0 low, 0 negligible (2 unknown)
└── by status: 4 fixed, 12 not-fixed, 0 ignored
NAME           INSTALLED   FIXED-IN  TYPE  VULNERABILITY   SEVERITY
busybox        1.36.1-r17            apk   CVE-2023-42366  Medium
busybox        1.36.1-r17            apk   CVE-2023-42365  Medium
busybox        1.36.1-r17            apk   CVE-2023-42364  Medium
busybox        1.36.1-r17            apk   CVE-2023-42363  Medium
busybox-binsh  1.36.1-r17            apk   CVE-2023-42366  Medium
busybox-binsh  1.36.1-r17            apk   CVE-2023-42365  Medium
busybox-binsh  1.36.1-r17            apk   CVE-2023-42364  Medium
busybox-binsh  1.36.1-r17            apk   CVE-2023-42363  Medium
libcrypto3     3.1.4-r2    3.1.4-r3  apk   CVE-2023-6129   Medium
libcrypto3     3.1.4-r2    3.1.4-r4  apk   CVE-2023-6237   Unknown
libssl3        3.1.4-r2    3.1.4-r3  apk   CVE-2023-6129   Medium
libssl3        3.1.4-r2    3.1.4-r4  apk   CVE-2023-6237   Unknown
ssl_client     1.36.1-r17            apk   CVE-2023-42366  Medium
ssl_client     1.36.1-r17            apk   CVE-2023-42365  Medium
ssl_client     1.36.1-r17            apk   CVE-2023-42364  Medium
ssl_client     1.36.1-r17            apk   CVE-2023-42363  Medium