
Inconsistent output about CVEs

Open dryewo opened this issue 8 years ago • 5 comments

When one requests pierone tags summary with Pierone CLI like this:

pierone tags ci cloud-kraken

it sometimes shows outdated information (NO_CVES_FOUND, for example). However, pierone cves shows up-to-date info for a specific image version:

pierone cves ci cloud-kraken 4242

This shows an up-to-date list of CVEs (including recent HIGH ones).

dryewo avatar Sep 23 '16 16:09 dryewo

Is it a bug in CLI or service BE?

rafaelcaricio avatar Oct 05 '16 11:10 rafaelcaricio

We'll have to find out, but most likely it's either Pierone backend (might be losing some notifications from Clair) or even Clair itself (might not be resending the notifications about updated analysis results).

dryewo avatar Oct 05 '16 12:10 dryewo

Ok. Pier One CLI does not cache any data. So I think the problem is not in the CLI.

rafaelcaricio avatar Oct 05 '16 12:10 rafaelcaricio

Can we plan a one-time test with e.g. pushing/deploying artifacts with CVEs and checking where it fails? For all our applications not older than ~30-50 days it always shows "NoCVEsFound", which means some changes happened around this time in the past.

ovolynets avatar Oct 05 '16 19:10 ovolynets

We did test runs; so far it looks like with each CVE update clair-sqs is failing to send some of the affected images to pierone. The reasons are still unclear; we need to investigate further.

dryewo avatar Oct 31 '16 17:10 dryewo