
Add second method of whitelisting two CVEs for one system lib and container

Open mirekphd opened this issue 4 years ago • 0 comments

Currently, if a single image and its single library (e.g. glibc) have multiple CVEs on the whitelist, only one of these CVEs will be considered by clair-scanner unless you put all these CVEs under a single image-based key, like this:

  mirekphd/ml-mariadb:
    CVE-2019-25013: glibc
    CVE-2021-33574: glibc

while this method won't work (the first of these CVEs will not be whitelisted):

  mirekphd/ml-mariadb:
    CVE-2019-25013: glibc
  mirekphd/ml-mariadb:
    CVE-2021-33574: glibc

May I suggest adding support for the latter method as well?

mirekphd, Jul 17 '21 19:07
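
A pre-scan check for the situation described in this issue, as an added example that is not part of the original post or of clair-scanner: it flags image keys that appear more than once in a whitelist fragment and lists the entries that drop out if only the last block is kept, which is the outcome the issue reports. The parser is a minimal stand-in for a YAML loader that assumes only the two-level layout shown above; all function names are hypothetical.

```python
# Added example: flag repeated image keys in a clair-scanner-style whitelist fragment.
# Assumes the two-level layout from the issue; SAMPLE is constructed from its second form.
SAMPLE = """\
mirekphd/ml-mariadb:
  CVE-2019-25013: glibc
mirekphd/ml-mariadb:
  CVE-2021-33574: glibc
"""

def parse_blocks(text):
    """Return [(line_no, image, {cve: library})], one tuple per image block, repeats kept."""
    blocks, base = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        base = indent if base is None else base
        if indent == base and body.endswith(":"):
            blocks.append((no, body[:-1], {}))  # image names may contain ':' (tags)
        elif indent > base and ":" in body:
            cve, _, lib = body.partition(":")
            blocks[-1][2][cve.strip()] = lib.strip()
        else:
            raise ValueError(f"line {no}: unexpected layout: {raw!r}")
    return blocks

def duplicate_keys(blocks):
    """Map each repeated image key to the line numbers where it occurs."""
    seen = {}
    for no, image, _ in blocks:
        seen.setdefault(image, []).append(no)
    return {image: nos for image, nos in seen.items() if len(nos) > 1}

def last_block_wins(blocks):
    """Entries left if a later block replaces an earlier one, as the issue reports."""
    return {image: dict(cves) for _, image, cves in blocks}

def merged(blocks):
    """Entries after folding repeated image keys into one block (the form that works)."""
    out = {}
    for _, image, cves in blocks:
        out.setdefault(image, {}).update(cves)
    return out

if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE)
    for image, nos in duplicate_keys(blocks).items():
        lost = set(merged(blocks)[image]) - set(last_block_wins(blocks)[image])
        print(f"{image}: repeated on lines {nos}; entries at risk: {sorted(lost)}")
```

Run against the real whitelist file in CI, a non-empty `duplicate_keys` result is the signal to fold the blocks together before the scan.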