Project Quay / PROJQUAY-794

Quay image scanner does not detect all known CVEs

    Details

      Description

      Description of problem:
      Quay's image scanner seems to only detect CVEs if there is a fix made available, instead of displaying all known CVEs in an image container.

      Version-Release number of selected component (if applicable):

      How reproducible:
      Always

      Steps to Reproduce:
      1. Build an image based off of UBI8 and install pcre2
      2. Let the vulnerable scanner run and see all green
      3. Compare and verify that pcre2 is on version 10.32-1
      4. https://access.redhat.com/security/cve/CVE-2019-20454

      Actual results:
      The image security scan passed

      Expected results:
      The security scan should not pass and flag the image with a known public CVE

       


              People

              • Assignee: ldelossa Louis DeLosSantos
              • Reporter: wshearn Wesley Hearn
              • Votes: 1
              • Watchers: 7
