-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clair allways returns OK #1973
Comments
corrected the version in clair.yaml to 4.72 |
I can add to the above that pushing an image to QUAY also resuts in “Passed” and “no vulnerabilities found” My conslusion is that the interaction between CLAIRCTL and CLAIR works fine, aswell as the interaction between QUAY and CLAIR. So the issue must be in CLAIR, in its configuration or in POSTGRESQL. |
You're using an ancient, unsupported version. What does |
has clair been abandonned? I only have 1 reaction in 5 days. |
No, you just haven't provided any Clair output from the correct version. |
All theoutput above is from 4.7.2, as I stated above I had sent the wrong yaml. Here is the yaml again: apiVersion: apps/v1 |
The logs are not. Please post logs and json output from |
I completely deleted the postgres-database.
clairctl returns:
Clair logs:
|
And the json output from |
Here it is:
|
It looks like Debian has removed the data for Debian 9 (Stretch): % curl -sSfL https://security-tracker.debian.org/tracker/data/json |
jq 'to_entries | map(.value | to_entries | map(.value.releases | has("stretch")) | any) | any'
false Presumably they did this because Stretch was end-of-life two years ago. Given that there are no advisories to match against, it doesn't seem like anything is wrong. |
i have tried abot 20 different images that have known vulnerabilities , they all return 0 vulnerabilities when scanned with clair. |
OK. I can't be any help without specifics. Can you provide the Clair logs and |
Ok, i use ubuntu 22.04 as a test. GRYPE has the following result: bash 5.1-6ubuntu1 deb CVE-2022-3715 Low Scanning ubuntu with CLAIR has the following result: clairctl --iss quay report -o json --host http://192.168.2.110:30081 ubuntu:22.04 {"manifest_hash":"sha256:81bba8d1dde7fc1883b6e95cd46d6c9f4874374f2b360c8db82620b33f6b5ca1","packages":{"12":{"id":"12","name":"bsdutils","version":"1:2.37.2-4ubuntu3","kind":"binary","source":{"id":"11","name":"util-linux (2.37.2-4ubuntu3)","version":"1:2.37.2-4ubuntu3","kind":"source"},"arch":"amd64"},"24":{"id":"24","name":"dpkg","version":"1.21.1ubuntu2.2","kind":"binary","source":{"id":"1","name":"","version":""},"arch":"amd64"},"44":{"id":"44","name":"libapt-pkg6.0","version":"2.4.11","kind":"binary","source":{"id":"43","name":"apt","version":"2.4.11","kind":"source"},"arch":"amd64"},"116":{"id":"116","name":"libpam-modules","version":"1.4.0-11ubuntu2.4","kind":"binary","source":{"id":"115","name":"pam","version":"1.4.0-11ubuntu2.4","kind":"source"},"arch":"amd64"},"154":{"id":"154","name":"libtirpc-common","version":"1.3.2-2ubuntu0.1","kind":"binary","source":{"id":"153","name":"libtirpc","version":"1.3.2-2ubuntu0.1","kind":"source"},"arch":"all"},"4":{"id":"4","name":"apt","version":"2.4.11","kind":"binary","source":{"id":"1","name":"","version":""},"arch":"amd64"},"30":{"id":"30","name":"gcc-12-base","version":"12.3.0-1ubuntu1 And here is the CAIR logs: {"level":"info","component":"httptransport/New","request_id":"a141222e401c05e1","remote_addr":"192.168.2.110:36078","method":"GET","request_uri":"/indexer/api/v1/index_report/sha256:81bba8d1dde7fc1883b6e95cd46d6c9f4874374f2b360c8db82620b33f6b5ca1","status":200,"duration":110.614542,"time":"2024-02-20T18:43:29Z","message":"handled HTTP request"} |
The name of the matchers are incorrect in your |
Wow! Finally , after strugling three weeks I get a resut: Thanks a lot crozzy! clairctl --iss clairctl report --host http://192.168.2.110:30081 ubuntu:22.04 |
Description of Problem / Feature Request
when calling Clair it always return OK
Expected Outcome
Clair should report vulnerabilities
Actual Outcome
config.yaml:
clair.yaml:
clair log:
Environment
Kubernetes cluster microk8s version 1.29 running on ubuntu 22.04 on AMD64 processor
uname -a
): 6.2.0-1018-raspi Updater always set the latest successful date #20-Ubuntu SMP PREEMPT Tue Nov 21 13:32:12 UTC 2023 aarch64 aarch64 aarch64 GNU/Linuxkubectl version
): 1.29The text was updated successfully, but these errors were encountered: