  1. OpenShift Request For Enhancement
  2. RFE-5961

RHACS: CVE deferral process should include image digest option


    • Feature Request
    • Resolution: Done
    • RHACS, Vuln Management

      1. Proposed title of this feature request

      The CVE deferral process should include the option to select by image digest, not just the image tag. 

       

       

      2. What is the nature and description of the request?

      The customer requests that the CVE deferral process include the option to apply a deferral based upon the image digest, and not just the tag, as almost 70% of the customer's images use the digest rather than the tag to identify images.  

      3. Why does the customer need this? (List the business requirements here)

      Almost 70% of the customer's images are identified by digest rather than tag, given the immutable nature of the digest.   Consequently, they are not able to use the deferral process.  Customer statement below: 

      For us this RFE is quite important as about 67% of our images are defined via digests.   For them we will need to use the work-around to specify all tags of the image.   For a false positive request, this may be ok, as this may be an architecture decision to mitigate a risk e.g. via another component.   And this architecture decision is independent of the version of the software.   For a defer this may be another story, as the decision to defer a vulnerability may be a temporary decision concerning the actual image. 

       

       

       

            sbadve@redhat.com Shubha Badve
            astrouse@redhat.com Aaron Strouse
            Anjali Telang, Boaz Michaely, Doron Caspin, JP Jung, Maria Simon Marcos, Shubha Badve