[bug] Not picking up EOL in nginx:1.21-alpine
noqcks opened this issue · comments
Benji Visser commented
What happened:
xeol nginx:1.21-alpine
✔ EOL DB [updated]
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [43 packages]
✔ Scanned image [0 eol]
✅ no EOL software has been found
What you expected to happen:
I expect to see nginx 1.21 be EOL, since it is. It shows up as a package when doing syft output on the image. I believe the reason is inadequate matching in xeol. 1.21.6 is stored in the xeol database, but the version string contains an -r1 and is not matching because of this.
nginx 1.21.6-r1 apk
nginx-module-geoip 1.21.6-r1 apk
nginx-module-image-filter 1.21.6-r1 apk
nginx-module-njs 1.21.6.0.7.3-r1 apk
nginx-module-xslt 1.21.6-r1 apk
How to reproduce it (as minimally and precisely as possible):
xeol nginx:1.21-alpine
Anything else we need to know?:
No
Environment:
- Output of xeol version:
Application: xeol
Version: 0.2.7
Syft Version: v0.77.0
GitCommit: 1059a82f974122bce8498dec2adc5eefdca65100
Platform: darwin/arm64
GoVersion: go1.18.10
Compiler: gc
Benji Visser commented
This turned out to be an issue with the lack of a purl in endoflife.date.
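
An added illustration (not xeol's code and not part of the original thread) of the two explanations raised in this issue: the `-r1` apk revision suffix on the version string, and a product with no purl mapping. The `cycle` type, the map layout, the major.minor cycle rule and the sample purl are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// cycle is a constructed stand-in for one release-cycle record (not xeol's schema).
type cycle struct {
	Release string // assumed to be major.minor, e.g. "1.21"
	EOL     bool
}
var apkRevision = regexp.MustCompile(`-r\d+$`)

// cycleOf strips the Alpine package revision ("-r1") and keeps major.minor.
func cycleOf(version string) string {
	v := apkRevision.ReplaceAllString(version, "")
	parts := strings.SplitN(v, ".", 3)
	if len(parts) < 2 {
		return v
	}
	return parts[0] + "." + parts[1]
}

// purlKey drops "@version", qualifiers and subpath from a package URL.
func purlKey(purl string) string {
	if i := strings.IndexAny(purl, "@?#"); i >= 0 {
		return purl[:i]
	}
	return purl
}

// isEOL returns (eol, matched); matched is false when no purl entry or cycle fits.
func isEOL(db map[string][]cycle, purl, version string) (bool, bool) {
	want := cycleOf(version)
	for _, c := range db[purlKey(purl)] {
		if c.Release == want {
			return c.EOL, true
		}
	}
	return false, false
}

func main() {
	purl := "pkg:apk/alpine/nginx@1.21.6-r1" // constructed sample purl
	db := map[string][]cycle{"pkg:apk/alpine/nginx": {{Release: "1.21", EOL: true}}}
	fmt.Println(isEOL(map[string][]cycle{}, purl, "1.21.6-r1")) // product has no purl mapping
	fmt.Println(isEOL(db, purl, "1.21.6-r1"))                   // purl mapping present
}
```

With the version suffix normalized in both cases, only the missing purl entry leaves the package unmatched, which is why a clean scan result is worth cross-checking against the cataloged package list.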