Feature Request
Resolution: Done
1. Proposed title of this feature request
The CVE deferral process should include the option to select by image digest, not just the image tag.
2. What is the nature and description of the request?
The customer requests that the CVE deferral process include the option to apply a deferral based upon the image digest, and not just the tag, as almost 70% of the customer's images use the digest rather than the tag to identify images.
3. Why does the customer need this? (List the business requirements here)
Almost 70% of the customer's images are identified by digest rather than tag, given the immutable nature of the digest. Consequently, they are not able to use the deferral process. Customer statement below:
For us this RFE is quite important as about 67% of our images are defined via digests. For them we will need to use the work-around to specify all tags of the image. For a false positive request, this may be ok, as this may be an architecture decision to mitigate a risk e.g. via another component. And this architecture decision is independent of the version of the software. For a defer this may be another story, as the decision to defer a vulnerability may be a temporary decision concerning the actual image.
- Support portal case: 0356990
- SFDC account info: kreditwerk AG