Project Quay / PROJQUAY-8113

Quay 3.13 Clair 4.8.0 can't scan and report Java image vulnerabilities

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Critical
    • quay-v3.13.0
    • clair

      Description:

      This is an issue found in Quay 3.13 with Clair 4.8.0. After pushing an image with Java vulnerabilities to Quay, I found that Clair 4.8.0 can't scan and report the Java vulnerabilities, while the same test image can be scanned and its Java vulnerabilities reported on quay.io. I checked the logs of the Clair app pod and got the error message "enrichment error". Please review this issue; see the attached detailed Clair app logs.

      {"level":"info","component":"main","request_id":"4465ea62dc7991de","remote_addr":"10.129.2.13:42516","method":"GET","request_uri":"/matcher/api/v1/vulnerability_report/sha256:40f32d1aefe4ca92851586310908659e30d04fa04f3453dd3f17075d14f60914","status":200,"written":12288,"duration":30032.164587,"time":"2024-10-16T04:27:00Z","message":"handled HTTP request"}
      {"level":"error","request_id":"fc3e62248fd532fc","component":"httptransport/MatcherV1.vulnerabilityReport","error":"timeout: context canceled","time":"2024-10-16T04:27:11Z","message":"enrichment error"}
      

      Test Image: quay.io/quay-qetest/clair-java-test

      Quay: quay-operator-bundle-container-v3.13.0-45

      Clair Version:  

      {"level":"info","component":"main","version":"v4.8.0 (user) (claircore v1.5.32)","time":"2024-10-16T03:53:28Z","message":"starting"}
      Quay 3.13 Clair 4.8.0 can't scan and report Java image vulnerabilities:

      The same Java image can be scanned and report image vulnerabilities from quay.io:

      Quay.io:

              Assignee: Unassigned
              Reporter: luffy zhang (lzha1981)