I'm reporting this here instead of clair-action because as far as I can understand the change in updater from Red Hat OVAL to Red Hat VEX might be the cause for the issue I'm seeing.
I have created a deliberately vulnerable image:
I've run clair-action with two different versions of claircore. One built from https://github.com/quay/clair-action at 26a067cffe5e75ef7365c084c699021577232448 using claircore v1.5.30, and the prebuilt quay.io/projectquay/clair-action:v0.0.8 using claircore v1.5.26. I've run the updater to populate the database and saved the populated database together with clair-action to the images. The two images I've used are:
quay.io/redhat-appstudio/clair-in-ci@sha256:bbe08d35ea6a99260ca56284963450aff030d0fcb34fbb7e461dd1fc11e70e12 running clair-action v0.0.8 and claircore v1.5.26
quay.io/zregvart_redhat/clair-in-ci@sha256:ef2973e456f853377985e2e43ae842e222b5df1da26e828195b39e0a16f55da2 running clair-action at 26a067cffe5e75ef7365c084c699021577232448 and claircore v1.5.30
Both images have populated databases in /tmp/matcher.db.
If I run the clair-action report against the vulnerable image above, the report will contain 84 vulnerabilities with v1.5.26 and none with v1.5.30. In particular, I've installed a vulnerable subscription-manager package (version 1.29.33.1-1.el9_2) that I was expecting to be reported.
I can see that the data imported from the Red Hat VEX resulted in 334 rows in the database, so the data seems to be present.