Comments (3)
Might be in a way linked to the following commit:
commit e9f553e0dbe815203d012bcf3c23c4c2505d2cec
Author: crozzy <[email protected]>
Date: Thu Dec 15 15:04:58 2022 -0800
rhel: Check that after casting to mappingFile we have a usable mapper
Currently it is possible that if the repo2cpe_mapping_url or the
repo2cpe_mapping_file (or indeed if the endpoint is down) that we will
panic as the mappingFile will cast to a nil. This will check for a nil
mapper before it gets accessed and error out. This is also an issue
for name2repos_mapping_url and name2repos_mapping_file used by RHCC
scanner.
Signed-off-by: crozzy <[email protected]>
from clair.
What is funny to me is that this is apparently an Alpine image, but the error indicates that it's related to rhel-specific code.
Because we don't know anything about the image when we index it, all the (configured) scanners are run on every layer, hence why the rhel-specific scanning is running.
The PR that holds the commit mentioned was to avert a panic in the above situation and instead surface. Since then we've changed the instantiation of a number of components and this should be a non-issue going forward (quay/claircore#867) as the ingesting of the files should be a lot more infrequent.
from clair.
This should be fixed in 4.7
from clair.
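The failure mode the commit message describes, as an added example that is not code from Clair or claircore: a type assertion on an interface holding a nil pointer succeeds, so the panic only appears at first field access unless the pointer is checked as well. The `fetcher` type, its methods, `errNoMapping`, `panics` and the sample mapping entry are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// mappingFile and fetcher are hypothetical stand-ins, not claircore types.
type mappingFile struct{ Data map[string][]string }
type fetcher struct{ latest interface{} } // last fetched mapping
var errNoMapping = errors.New("mapping file unavailable")

// fetch simulates a refresh; with the endpoint down a nil *mappingFile is stored.
func (f *fetcher) fetch(endpointUp bool) {
	var mf *mappingFile
	if endpointUp { // constructed sample entry
		mf = &mappingFile{Data: map[string][]string{"example-repo": {"cpe:/a:example:product:1"}}}
	}
	f.latest = mf
}

// lookupUnchecked asserts and dereferences without checking; a typed nil panics here.
func (f *fetcher) lookupUnchecked(repo string) []string {
	mf := f.latest.(*mappingFile)
	return mf.Data[repo]
}

// lookupChecked rejects both a failed assertion and a nil pointer before access.
func (f *fetcher) lookupChecked(repo string) ([]string, error) {
	mf, ok := f.latest.(*mappingFile)
	if !ok || mf == nil {
		return nil, errNoMapping
	}
	return mf.Data[repo], nil
}

// panics reports whether fn panicked.
func panics(fn func()) (p bool) {
	defer func() { p = recover() != nil }()
	fn()
	return false
}

func main() {
	f := &fetcher{}
	f.fetch(false) // endpoint down: a typed nil is stored
	_, err := f.lookupChecked("example-repo")
	fmt.Println(panics(func() { f.lookupUnchecked("example-repo") }), err)
}
```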