grype
grype copied to clipboard
Published
20 hours ago •
anchore
anchore
Warning repeats many times: no vulnerability namespaces found for distro=alpine (version unknown)
I don't know if this is a bug or intended behavior, but I did not found any similar report in github issues. Feel free to close if this working as expected.
What happened:
grype shows many messages like this in output:
[0006] WARN no vulnerability namespaces found for distro=alpine (version unknown)
What you expected to happen: Perhaps see this warning only once (at the moment of writing message repeats 56 times)
How to reproduce it (as minimally and precisely as possible):
grype alpine:edge
Anything else we need to know?: I don't think so.
Environment:
- Output of
grype version:
Application: grype
Version: 0.49.0
Syft Version: v0.55.0
BuildDate: 2022-09-01T17:16:36Z
GitCommit: 98104952120d3e368d265566b3d6b415e9da538a
GitDescription: v0.49.0
Platform: darwin/arm64
GoVersion: go1.18.5
Compiler: gc
Supported DB Schema: 4
- OS (e.g:
cat /etc/os-releaseor similar):
macOS 12.5.1 21G83 arm64
Thanks for the report! Yes, we have noticed this behaviour when using alpine:edge and are looking into how we can properly support vulnerability matching for it against the alpine edge vuln feed. Currently grype will fall back to CPE-based matching against NVD data sources when it can't match to a more specific distro feed, but that isn't particularly reliable.
@westonsteimel what about showing this warning only once, instead of repeating it many times in output? Currently it looks like this:
% grype alpine:edge
✔ Vulnerability DB [no update available]
✔ Parsed image
✔ Cataloged packages [14 packages]
✔ Scanned image [7 vulnerabilities]
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
[0005] WARN no vulnerability namespaces found for distro=alpine (version unknown)
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
busybox 1.35.0-r18 apk CVE-2022-28391 High
ssl_client 1.35.0-r18 apk CVE-2022-28391 High
zlib 1.2.12-r1 apk CVE-2018-25032 High
zlib 1.2.12-r1 apk CVE-2022-37434 Critical
Have same issue with 0.50 version in debian:sid and debian:bookworm containers
grype debian:sid
✔ Vulnerability DB [no update available]
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [89 packages]
✔ Scanned image [0 vulnerabilities]
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
[0011] WARN no vulnerability namespaces found for distro=debian (version unknown)
Hi everyone, I am unable to reproduce this on the latest version of Grype, so I'll go ahead and close this issue. Please reopen if you are still seeing this problem. Thanks!
