You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We scanned an amazon linux image which has a sentry client jar. This found a bunch of false positive CVEs like these which are in mobileiron and sentry. It appears underling os is not being looked at properly.
Hi @anandgia — could you try this again using the latest release of Grype? I find I'm no longer able to reproduce this, but I'm curious what you're seeing.
What happened:
We scanned an amazon linux image which has a sentry client jar. This found a bunch of false positive CVEs like these which are in mobileiron and sentry. It appears underling os is not being looked at properly.
sentry 1.7.27 CVE-2014-1409 Critical
sentry 1.7.27 CVE-2018-8028 High
sentry 1.7.27 CVE-2013-7287 Critical
sentry 1.7.27 CVE-2020-8887 High
sentry 1.7.27 CVE-2020-15506 Critical
sentry 1.7.27 CVE-2020-15507 High
sentry 1.7.27 CVE-2013-7286 High
What you expected to happen:
No CVEs should be reported against sentry
How to reproduce it (as minimally and precisely as possible):
Run an amazon linux docker with sentry client jar bundled.
Anything else we need to know?:
Environment:
grype version
:cat /etc/os-release
or similar):The text was updated successfully, but these errors were encountered: