Current Scenario:
Here’s what what we were doing, how it stopped working, and what we’d like the end product to look like..

We were using the api to grab the data from quay(data on pkgs), and the quay operator(data on platform). We were then compiling that into an xls, and sending it to out RVM (Risk+Vuln Mngmt).

Our stop gap is that one of our engineers, bi-weekly, goes to quay, selects the base image, and just copy/pastes the vuln data from there into an xls report, and sends its to the team.

We tried using clairctl, but ran into some serious issues with it not working on some repos, and being told explicitly that clairctl was not what we wanted to use by support.

Customer Feedback/RFE:

We love the data Quay/clair provides, but its just that pesky fact of exporting it into a report for consumption/reporting by external teams.

If we had that export button, I think we’d be golden. We totally understand that its just a vuln list export/report as of the moment we press the button, and if something sev 1 pops up 5 minutes later, we wouldn’t have that in the report.. and we’re fine with that, we just need a report that states X vuln as of Y time.