Incorrect old CVES are being report with COPY and python virtualenv
sumkincpp opened this issue · comments
When a COPY
command is used for python virtualenv, some old non-present vulnerabilities are being reported as CVE-s.
This seems like a bug starting with some new version of Quay - in some of the previous version I had not seen this behaviour.
Description of Problem / Feature Request
Expected Outcome
No errors are reported
Actual Outcome
CVEs are reported for some real old versions, even though the latest conform version is installed
Environment
Quay v3.8.11
We would need the Clair version, relevant logs, and the clairctl report -o json
output. A link to the relevant container would also be helpful.