Red Hat Advanced Cluster Security: ROX-30776

False positives due to missing rpm module info

    • Bug
    • Resolution: Unresolved
    • Critical
    • Quality / Stability / Reliability

      USER PROBLEM
      What is the user experiencing as a result of the bug? Include steps to reproduce.

      • False positives for rpm packages that contain an rpm module.

      CONDITIONS
      What conditions need to exist for a user to be affected? Is it everyone? Is it only those with a specific integration? Is it specific to someone with particular database content? etc.

      • Whenever the changes from SDENGINE-190 were applied. Applies to all versions of ACS that use VEX data.

      ROOT CAUSE
      What is the root cause of the bug?

      • The rpm module information was changed in the Red Hat VEX data feed: rpmmod info was moved into a purl qualifier on the product branches. Additionally, the rpmmod purl qualifier isn't present in all purls. See CLAIRDEV-157 and SDENGINE-190 for more details.
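
A data-quality check for the condition described above, added here as an example (not ACS, claircore or Red Hat code): it lists purls that lack the rpmmod qualifier although the same package appears elsewhere in the input with one. The purls are constructed samples and the function names are hypothetical; a hit is only a candidate for review, since a package can ship both as a module and as a plain rpm.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// splitPurl returns type/namespace/name (version dropped) and the qualifiers.
func splitPurl(purl string) (string, url.Values, error) {
	u, err := url.Parse(purl)
	if err != nil || u.Scheme != "pkg" {
		return "", nil, fmt.Errorf("not a purl: %q", purl)
	}
	return strings.Split(u.Opaque, "@")[0], u.Query(), nil
}

// MissingRpmmod (hypothetical helper) lists purls without an rpmmod qualifier
// whose package also appears in the input with one.
func MissingRpmmod(purls []string) ([]string, error) {
	modular := map[string]bool{}  // packages seen with rpmmod
	bare := map[string][]string{} // package -> purls lacking rpmmod
	for _, p := range purls {
		pkg, q, err := splitPurl(p)
		if err != nil {
			return nil, err
		}
		if q.Get("rpmmod") != "" {
			modular[pkg] = true
		} else {
			bare[pkg] = append(bare[pkg], p)
		}
	}
	var out []string
	for pkg := range modular {
		out = append(out, bare[pkg]...)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	// Constructed sample purls, not taken from the Red Hat VEX feed.
	fmt.Println(MissingRpmmod([]string{
		"pkg:rpm/redhat/nodejs@18.20.4-1.el8?arch=x86_64&rpmmod=nodejs:18:8100020240807:abcd1234",
		"pkg:rpm/redhat/nodejs@18.20.4-1.el8?arch=src",
		"pkg:rpm/redhat/openssl@3.0.7-27.el9?arch=x86_64",
	}))
}
```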

      FIX
      How was the bug fixed (this is more important if a workaround was implemented rather than an actual fix)?

      • <pending>

      The fix will involve a combination of updating the Scanner updater with a version of claircore that contains the fix provided by CLAIRDEV-157 and a resolution of the VEX data issues flagged in SDENGINE-190.

              Unassigned
              rh-ee-blugo Brad Lugo
              ACS Scanner