-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
quay-v3.13.0
-
Incidents & Support
-
False
-
-
False
-
Quay Enterprise
-
-
It seems that CSO cannot reliably recognize parts of the security report served by Quay:
... 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912073 1 warnings.go:70] unknown field "spec.features[0].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912089 1 warnings.go:70] unknown field "spec.features[0].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912092 1 warnings.go:70] unknown field "spec.features[100].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912095 1 warnings.go:70] unknown field "spec.features[101].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912098 1 warnings.go:70] unknown field "spec.features[102].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912100 1 warnings.go:70] unknown field "spec.features[102].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912102 1 warnings.go:70] unknown field "spec.features[104].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912104 1 warnings.go:70] unknown field "spec.features[104].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912107 1 warnings.go:70] unknown field "spec.features[105].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912109 1 warnings.go:70] unknown field "spec.features[105].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912111 1 warnings.go:70] unknown field "spec.features[106].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912113 1 warnings.go:70] unknown field "spec.features[107].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912115 1 warnings.go:70] unknown field "spec.features[107].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912117 1 warnings.go:70] unknown field "spec.features[108].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912120 1 warnings.go:70] unknown field "spec.features[108].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912122 1 warnings.go:70] unknown field "spec.features[109].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912124 1 warnings.go:70] unknown field "spec.features[109].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912126 1 warnings.go:70] unknown field "spec.features[10].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912129 1 warnings.go:70] unknown field "spec.features[10].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912131 1 warnings.go:70] unknown field "spec.features[110].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912134 1 warnings.go:70] unknown field "spec.features[110].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912136 1 warnings.go:70] unknown field "spec.features[111].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912138 1 warnings.go:70] unknown field "spec.features[111].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912141 1 warnings.go:70] unknown field "spec.features[112].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912143 1 warnings.go:70] unknown field "spec.features[112].cveids" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912146 1 warnings.go:70] unknown field "spec.features[113].basescores" 2025-07-04T11:19:01.912177520Z W0704 11:19:01.912148 1 warnings.go:70] unknown field "spec.features[113].cveids" ...
The most likely cause is Clair switching to VEX sources in recent versions. This makes CSO reports in the OpenShift console unreliable.
Please check!
