claircore icon indicating copy to clipboard operation
claircore copied to clipboard

Published 20 hours ago verified publisher icon quay

debian: change severity mapping

Open hdonnay opened this issue 2 years ago • 3 comments
trafficstars

Really seems like the severity mapping should be:

Debian Severity Claircore Severity
unimportant Negligible
low Low
medium Medium
high High
* Unknown

instead of

Debian Severity Claircore Severity
unimportant Low
low Medium
medium High
high Critical
* Unknown

Originally posted by @hdonnay in https://github.com/quay/claircore/pull/1067#discussion_r1334607884

hdonnay avatar Sep 22 '23 16:09 hdonnay

@RTann, do you recall what the thinking was on the current mapping?

hdonnay avatar Sep 22 '23 16:09 hdonnay

https://github.com/quay/claircore/discussions/828 context here

crozzy avatar Sep 22 '23 17:09 crozzy

Yeah #828 covers the reasoning. I aligned Debian's definitions with Red Hat's and that's how the severity mapping was done. I think it makes sense, as users who may want to filter by critical vulns will never see Critical Debian's vulns if we never use it

RTann avatar Sep 27 '23 15:09 RTann