📜 Description
Vulnerability Scan Execution Result in Build History in the security tab gets modified for all the previous builds. If an older build had 100 Critical vulnerabilities and the latest build has 5 vulnerabilities, then Devtron modifies the older image scan execution result and we would see just 5 vulnerabilities in the older build as well.
Criticality
P1 - High
Impact on Enterprise
Devtron is changing the source of truth with respect to Vulnerability Scan Execution Result.
Devs / DevOps will not be able to evaluate how many vulnerabilities actually got fixed.
👟 Steps to replicate the Issue
Build an image with some OS-level vulnerabilities (make sure to enable the scanning). Note the timestamp of the image scan.
Enable the vulnerability scanning plugin in post-CI and build the image again. Again, note the timestamp of the image scan.
Check the image scanning timestamp for the older build again; it will have been modified to the new one.
This means we are modifying the Vulnerability Scan Execution Result.
👍 Expected behavior
Vulnerability Scan Execution Result should not be modified.
👎 Actual Behavior
Vulnerability Scan Execution Result gets modified to the latest scan.
☸ Kubernetes version
NA
Cloud provider
NA
🌍 Browser
Chrome
🧱 Your Environment
NA
✅ Proposed Solution
NA
👀 Have you spent some time to check if this issue has been raised before?
🏢 Have you read the Code of Conduct?
AB#7749