Currently the update process for Clair definitions in Quay requires a lot of work for the customer.
They need to (as of https://docs.redhat.com/en/documentation/red_hat_quay/3.12/html-single/vulnerability_reporting_with_clair_on_red_hat_quay/index#clair-disconnected-ocp-configuration):
- set up and maintain a connected Clair
- export the updaters
- transfer the updaters
- connect the Clair database to their transfer host
- import the updaters
(and do some clair.config steps, which I left out)
They are also required to update the Clair CPE mapping files regularly to ensure RPM scanning (see https://docs.redhat.com/en/documentation/red_hat_quay/3.12/html-single/vulnerability_reporting_with_clair_on_red_hat_quay/index#mapping-repositories-to-cpe-information).
In contrast, the update process for Clair definition files in RHACS is:
- Download the definitions from Red Hat
- transfer the file
- Upload the definitions to central
After the great work that went into unifying the scanning experience in Quay and RHACS, it would be nice to also have a similar experience regarding the update process.
- is triggering: OCPSTRAT-1407 Simplified disconnected experience for Clair-based products (New)