Incorrect old CVES are being report with COPY and python virtualenv

Question

sumkincpp opened this issue 7 months ago · comments

When a COPY command is used for python virtualenv, some old non-present vulnerabilities are being reported as CVE-s.

This seems like a bug starting with some new version of Quay - in some of the previous version I had not seen this behaviour.

No errors are reported

CVEs are reported for some real old versions, even though the latest conform version is installed

Quay v3.8.11

Hank Donnay · Answer 1 · Sat Jan 06 2024 05:59:57 GMT+0800 (China Standard Time)

We would need the Clair version, relevant logs, and the clairctl report -o json output. A link to the relevant container would also be helpful.