fixed issue where vulnerabilities were only getting logged when a fix… #248
Force-pushed from e226916 to 5930725
/cc @listx @prathak07
@yodahekinsew: GitHub didn't allow me to request PR reviews from the following users: prathak07. Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Force-pushed from 5930725 to 05653b9
cip.go
Outdated
@@ -286,6 +286,10 @@ func main() { | |||
|
|||
if *severityThresholdPtr >= 0 { | |||
klog.Info("********** START (VULN CHECK) **********") | |||
klog.Info("DISCLAIMER: Vulnerabilities are found as issues with " + | |||
"package binaries within image dependencies, not necessarily " + |
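Review bot: the disclaimer text in this hunk says the findings are "issues with package binaries within image dependencies", but what the scanner inspects is the image's layers, so "layers" is the accurate word; "dependencies" invites the reader to look for a dependency manifest that does not exist here. Since this string is emitted on every run that enters the `*severityThresholdPtr >= 0` branch and is spread over several concatenated `+` lines, consider hoisting it into a single package-level const so the wording can be reviewed and changed in one place.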
s/dependencies/layers
Done
cip.go
Outdated
@@ -286,6 +286,10 @@ func main() { | |||
|
|||
if *severityThresholdPtr >= 0 { | |||
klog.Info("********** START (VULN CHECK) **********") | |||
klog.Info("DISCLAIMER: Vulnerabilities are found as issues with " + | |||
"package binaries within image dependencies, not necessarily " + | |||
"with the image dependencies themselves. So a \"fixable\" " + |
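Review bot: the sentence starting `"with the image dependencies themselves. So a \"fixable\" " +` should state the practical consequence for the operator: "fixable" describes the package binary, not the image, so a fixed binary version being available does not mean a rebuilt image layer containing it exists. That distinction matters because, per the description, the check fails only on fixable findings, and the first question an operator will ask on failure is what to upgrade.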
"For example, even though a fixed version of the binary is available, it does not necessarily mean that a new version of the image layer is available."
Done
…as found; also improved logging of vulns to include occurrence name and disclaimer that these vulns are only related to package binary issues
Force-pushed from 05653b9 to 70c0096
/test pull-cip-lint
/lgtm
/hold
Remove hold when ready.
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: listx, yodahekinsew. The full list of commands accepted by this bot can be found here. The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Fixing the issue where vulnerabilities were only getting logged when a fixable vulnerability was found. The current behavior after this fix is that the vulnerability check will fail if and only if a severe and fixable vulnerability is found; but the vulnerability check will always log all of the vulnerabilities it finds. Additionally, if a fix is not available for an issue, we now clear out some of the fields that would incorrectly imply to the user that there was a fix when logged.
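The decision rule described above, written out as an added Go example that is not part of cip.go or the project's code: every finding is logged, the fix-related fields are blanked when no fix is available, and the check fails only on findings that are both at or above the severity threshold and fixable. The `Vulnerability` struct, the `Severity` scale, the `sampleVulns` input and the use of the standard `log` package in place of klog are all assumptions made for this example; the negative-threshold early return mirrors the `*severityThresholdPtr >= 0` gate visible in the diff.

```go
package main

import (
	"fmt"
	"log"
)

// Severity is a hypothetical ordered scale for this example (not the
// project's own type); a larger value is more severe.
type Severity int

const (
	SeverityUnspecified Severity = iota
	SeverityMinimal
	SeverityLow
	SeverityMedium
	SeverityHigh
	SeverityCritical
)

var severityNames = map[Severity]string{
	SeverityUnspecified: "UNSPECIFIED",
	SeverityMinimal:     "MINIMAL",
	SeverityLow:         "LOW",
	SeverityMedium:      "MEDIUM",
	SeverityHigh:        "HIGH",
	SeverityCritical:    "CRITICAL",
}

func (s Severity) String() string {
	if n, ok := severityNames[s]; ok {
		return n
	}
	return fmt.Sprintf("Severity(%d)", int(s))
}

// Vulnerability is a constructed stand-in for one scanner occurrence.
// The field names are assumptions for this example, not a real API's.
type Vulnerability struct {
	OccurrenceName  string
	Package         string
	AffectedVersion string
	Severity        Severity
	FixAvailable    bool
	FixedPackage    string
	FixedVersion    string
}

// Result separates "everything the scan reported" from "what fails the check".
type Result struct {
	Logged  []Vulnerability
	Failing []Vulnerability
}

// sanitizeNoFix blanks the fix-related fields when no fix is available,
// so a logged record cannot be misread as "upgrade to FixedVersion".
func sanitizeNoFix(v Vulnerability) Vulnerability {
	if !v.FixAvailable {
		v.FixedPackage = ""
		v.FixedVersion = ""
	}
	return v
}

// checkVulns logs every occurrence and returns the subset that should fail
// the check: severity at or above threshold AND a fix available.
// A negative threshold disables the check entirely.
func checkVulns(vulns []Vulnerability, threshold Severity) Result {
	var res Result
	if threshold < 0 {
		return res
	}
	for _, v := range vulns {
		v = sanitizeNoFix(v)
		res.Logged = append(res.Logged, v)
		fix := "none"
		if v.FixAvailable {
			fix = v.FixedPackage + " " + v.FixedVersion
		}
		log.Printf("vuln %s: %s %s severity=%s fix=%s",
			v.OccurrenceName, v.Package, v.AffectedVersion, v.Severity, fix)
		if v.Severity >= threshold && v.FixAvailable {
			res.Failing = append(res.Failing, v)
		}
	}
	return res
}

// sampleVulns is constructed input for the example, not real scan data.
func sampleVulns() []Vulnerability {
	return []Vulnerability{
		{OccurrenceName: "occ-1", Package: "openssl", AffectedVersion: "1.1.1a",
			Severity: SeverityHigh, FixAvailable: true,
			FixedPackage: "openssl", FixedVersion: "1.1.1b"},
		// Critical but unfixable: must be logged, must not fail the check,
		// and the stale FixedVersion below must be blanked before logging.
		{OccurrenceName: "occ-2", Package: "glibc", AffectedVersion: "2.28",
			Severity: SeverityCritical, FixAvailable: false,
			FixedPackage: "glibc", FixedVersion: "99.0"},
		{OccurrenceName: "occ-3", Package: "zlib", AffectedVersion: "1.2.11",
			Severity: SeverityLow, FixAvailable: true,
			FixedPackage: "zlib", FixedVersion: "1.2.12"},
		{OccurrenceName: "occ-4", Package: "bash", AffectedVersion: "5.0",
			Severity: SeverityMedium, FixAvailable: false},
	}
}

func main() {
	res := checkVulns(sampleVulns(), SeverityHigh)
	if len(res.Failing) > 0 {
		log.Fatalf("vuln check FAILED: %d severe and fixable finding(s)", len(res.Failing))
	}
	fmt.Println("vuln check passed")
}
```

With the constructed input and a HIGH threshold, all four findings are logged, only occ-1 fails the check, and occ-2 is logged with its fix fields empty even though it is CRITICAL, because no fix exists for it.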