Red Hat Advanced Cluster Security / ROX-28357

[Claircore] Eliminate language false-positives due to installed APKs

    • Type: Task
    • Resolution: Unresolved
    • Product / Portfolio Work

      Similar to RPMs, APKs may also install language packages (JavaScript, Go, etc.). Chainguard explicitly calls these out and tells scanning vendors they need to eliminate these false-positives. See https://github.com/chainguard-dev/vulnerability-scanner-support/blob/main/docs/scanning_implementation.md#discovering-non-distro-packages-for-vulnerability-matching for more information.

      This is also tracked in https://issues.redhat.com/browse/CLAIRDEV-132.

              Unassigned
              rtannenb@redhat.com Ross Tannenbaum
              ACS Scanner
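The false-positive elimination described in the ticket, as an added Go sketch that is not Claircore's or Chainguard's code. It assumes the filter works by file ownership: a language-package manifest whose path is listed in the APK installed database (on Alpine, `/lib/apk/db/installed`) is dropped, so only the APK record is matched. The function names, sample database and paths are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"path"
	"strings"
)

// Constructed sample of an APK installed database (P = package, F = directory, R = file in it).
const sampleDB = `P:py3-requests
F:usr/lib/python3.12/site-packages/requests-2.32.3.dist-info
R:METADATA
`

// apkOwnedFiles maps every file the database lists to its owning APK package.
func apkOwnedFiles(db string) map[string]string {
	owned := map[string]string{}
	var pkg, dir string
	for sc := bufio.NewScanner(strings.NewReader(db)); sc.Scan(); {
		switch key, val, _ := strings.Cut(sc.Text(), ":"); key {
		case "P":
			pkg, dir = val, ""
		case "F":
			dir = val
		case "R":
			owned["/"+path.Join(dir, val)] = pkg
		}
	}
	return owned
}

// dropAPKOwned keeps only language-package manifests that no APK claims.
func dropAPKOwned(found []string, owned map[string]string) (keep []string) {
	for _, p := range found {
		if _, ok := owned[path.Clean(p)]; !ok {
			keep = append(keep, p)
		}
	}
	return keep
}

func main() {
	found := []string{ // hypothetical language-scanner hits
		"/usr/lib/python3.12/site-packages/requests-2.32.3.dist-info/METADATA",
		"/app/node_modules/lodash/package.json",
	}
	fmt.Println(dropAPKOwned(found, apkOwnedFiles(sampleDB)))
}
```

Only the `node_modules` manifest survives the filter; the Python package installed by the APK is left to distro-level matching.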