quay / clair

Vulnerability Static Analysis for Containers

Home Page: https://quay.github.io/clair/


Please use OVAL export for Ubuntu vulnerabilities source

Tejuvmware opened this issue

Description of Problem / Feature Request

This is with respect to issue #804. I'm one of the customers who is facing issues in pulling https://git.launchpad.net/ubuntu-cve-tracker (https://bugs.launchpad.net/ubuntu-cve-tracker/+bug/1943825) due to multiple GitHub calls, and on reaching out to the ubuntu-cve-tracker team I have been redirected to the Clair developers.

I just wanted to check if we got a fix for this in any of the versions of Clair? Using OVAL is going to solve my problem. May I know in which versions of the Clair image this has been implemented?

Currently I'm using the goharbor/clair-photon:v2.1.0 version in our k8s cluster, which is going through multiple Docker image restarts as it is failing to pull https://git.launchpad.net/ubuntu-cve-tracker.

V2 is not actively maintained. Changing the source has not been implemented in any Clair v2 version. Patches welcome.

Thank you for the response @hdonnay. What can be the solution for the bug then?

The solution would be for someone running the old version to write, test, and submit a patch.

Can we have someone from the Clair developers release a patch for this bug?

To the best of my knowledge, there are no active developers for v2.