You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 27, 2023. It is now read-only.
For some package types the version string used in vulnerability listings is not consistent with the package content listing:
Check the content with a query like:
anchore-cli --json image content <someimage>
And it returns this for, say, musl:
{
"license": "MIT",
"origin": "Timo Ter\u00e4s <timo.teras@iki.fi>",
"package": "musl",
"size": "602112",
"type": "APKG",
"version": "1.1.19"
},
Now, check the vulns in the same image:
anchore-cli --json image vuln <someimage> all
And it returns this for musl (ignoring the other part of the reply):
"package": "musl-1.1.19-r10",
"package_cpe": "None",
"package_cpe23": "None",
"package_name": "musl",
"package_path": "None",
"package_type": "APKG",
"package_version": "1.1.19-r10",
"severity": "Unknown",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697",
"vendor_data": [],
"vuln": "CVE-2019-14697"
The text was updated successfully, but these errors were encountered:
For some package types the version string used in vulnerability listings is not consistent with the package content listing:
The text was updated successfully, but these errors were encountered: