Project Quay / PROJQUAY-794

Quay image scanner does not detect all known CVEs

    Description

      Description of problem:
      Quay's image scanner seems to only detect CVEs if there is a fix made available instead of displaying all known CVEs in an image container.

      Version-Release number of selected component (if applicable):

      How reproducible:
      Always

      Steps to Reproduce:
      1. Build an image based off of UBI8 and install pcre2
      2. Let the vulnerability scanner run and see all green
      3. Compare/verify that pcre2 is on version 10.32-1
      4. https://access.redhat.com/security/cve/CVE-2019-20454

      Actual results:
      The image security scan passed

      Expected results:
      The security scan should not pass and flag the image with a known public CVE
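
The behaviour this report describes, as an added example that is not part of the original issue and is not Quay's scanner code: a matcher that reports a CVE only when the advisory lists a fixed version stays silent on CVEs that have no fix yet. The advisory records, the `examplelib` package, the placeholder CVE id and the simplified version comparison are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Advisory:
    cve: str
    package: str
    fixed_in: Optional[str]  # None: no fixed build has been published


# Constructed sample data. The pcre2 version and CVE id come from the report;
# "examplelib" and the placeholder CVE id are hypothetical.
INSTALLED = {"pcre2": "10.32-1", "examplelib": "1.0-1"}
ADVISORIES = [
    Advisory("CVE-2019-20454", "pcre2", None),
    Advisory("CVE-PLACEHOLDER-0001", "examplelib", "1.0-2"),
]


def _key(version):
    # Simplified numeric comparison key (assumption; not RPM's real algorithm).
    return tuple(int(n) for n in re.findall(r"\d+", version))


def fixed_only_match(installed, advisories):
    """Report a CVE only when a newer fixed version exists (the reported behaviour)."""
    return [a.cve for a in advisories
            if a.package in installed and a.fixed_in is not None
            and _key(installed[a.package]) < _key(a.fixed_in)]


def all_known_match(installed, advisories):
    """Report every applicable CVE and label the ones with no fix (the expected behaviour)."""
    findings = []
    for a in advisories:
        have = installed.get(a.package)
        if have is None:
            continue
        if a.fixed_in is None:
            findings.append((a.cve, "unfixed"))
        elif _key(have) < _key(a.fixed_in):
            findings.append((a.cve, "fixed in " + a.fixed_in))
    return findings


if __name__ == "__main__":
    print(fixed_only_match(INSTALLED, ADVISORIES))
    print(all_known_match(INSTALLED, ADVISORIES))
```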

          People

            ldelossa Louis DeLosSantos (Inactive)
            whearn.openshift Wesley Hearn
            Dongbo Yan Dongbo Yan