This repository has been archived by the owner on Jan 27, 2023. It is now read-only.

Ensure package version string is complete for all package types #504

Closed
zhill opened this issue Jun 26, 2020 · 0 comments · Fixed by #506

zhill commented Jun 26, 2020

For some package types the version string used in vulnerability listings is not consistent with the package content listing:

Check the content with a query like:

    anchore-cli --json image content <someimage>

And it returns this for, say, musl:

        {
            "license": "MIT",
            "origin": "Timo Ter\u00e4s <timo.teras@iki.fi>",
            "package": "musl",
            "size": "602112",
            "type": "APKG",
            "version": "1.1.19"
        },

Now, check the vulns in the same image:

    anchore-cli --json image vuln <someimage> all

And it returns this for musl (ignoring the other part of the reply):

            "package": "musl-1.1.19-r10",
            "package_cpe": "None",
            "package_cpe23": "None",
            "package_name": "musl",
            "package_path": "None",
            "package_type": "APKG",
            "package_version": "1.1.19-r10",
            "severity": "Unknown",
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697",
            "vendor_data": [],
            "vuln": "CVE-2019-14697"

zhill added the bug label Jun 26, 2020
zhill added this to the v0.7.3 milestone Jun 26, 2020
zhill self-assigned this Jun 26, 2020
zhill added a commit to zhill/anchore-engine that referenced this issue Jun 27, 2020
…hat has a valid release component. Fixes anchore#504

Signed-off-by: Zach Hill <zach@anchore.com>
zhill linked a pull request Jun 27, 2020 that will close this issue
zhill closed this as completed Jun 29, 2020
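
An added example, not part of the original issue or of anchore-engine's code: a Python cross-check of the two listings that flags packages whose vulnerability-listing version does not match the content-listing version. It assumes the per-package entry lists have already been pulled out of the two `anchore-cli --json` replies; the function name, the busybox records and the placeholder CVE id are hypothetical.

```python
from collections import defaultdict


def find_version_mismatches(content_entries, vuln_entries):
    """Compare vuln-listing versions with content-listing versions per package.

    Returns a sorted list of (type, name, vuln_version, content_versions, reason).
    """
    # Index content versions by (type, name); a package may be listed more than once.
    content = defaultdict(set)
    for entry in content_entries:
        content[(entry["type"], entry["package"])].add(entry["version"])

    findings = set()  # a set, so several CVEs on one package yield one finding
    for vuln in vuln_entries:
        key = (vuln["package_type"], vuln["package_name"])
        vuln_version = vuln["package_version"]
        versions = content.get(key)
        if versions is None:
            reason = "package missing from content listing"
        elif vuln_version in versions:
            continue  # the two listings agree
        elif any(vuln_version.startswith(v + "-") for v in versions):
            # e.g. content "1.1.19" vs vuln "1.1.19-r10": release suffix dropped
            reason = "content version lacks release component"
        else:
            reason = "versions differ"
        findings.add((key[0], key[1], vuln_version,
                      tuple(sorted(versions or ())), reason))
    return sorted(findings)


# Constructed sample input: the musl values are the ones quoted in the issue;
# the busybox records and "CVE-PLACEHOLDER" are made up for illustration.
SAMPLE_CONTENT = [
    {"package": "musl", "type": "APKG", "version": "1.1.19"},
    {"package": "busybox", "type": "APKG", "version": "1.28.4-r3"},
]
SAMPLE_VULNS = [
    {"package_name": "musl", "package_type": "APKG",
     "package_version": "1.1.19-r10", "vuln": "CVE-2019-14697"},
    {"package_name": "busybox", "package_type": "APKG",
     "package_version": "1.28.4-r3", "vuln": "CVE-PLACEHOLDER"},
]

if __name__ == "__main__":
    for finding in find_version_mismatches(SAMPLE_CONTENT, SAMPLE_VULNS):
        print(finding)
```

A non-empty result means the two listings cannot be joined on the version string alone, which matters for any tooling that matches vulnerability records back to the installed-package inventory.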