Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: ui/vulnerabilities: entries need more detail about the CVE #405

Closed
mikemccracken opened this issue Nov 2, 2023 · 4 comments
Closed

[Bug]: ui/vulnerabilities: entries need more detail about the CVE #405

mikemccracken opened this issue Nov 2, 2023 · 4 comments
Assignees
@laurentiuNiculae @Andreea-Lupu
Labels
bug Something isn't working ui ZOT web-based UI related tasks

Comments

@mikemccracken
Copy link

zot version

v1.4.3

Describe the bug

as a person evaluating cves found in an image I am responsible for, I need to quickly find the following info about a cve:

  1. link to a database with any bugs filed, diffs/PRs for fixes, discussions etc. for example, NIST's NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39325

  2. if available from the scanner, the distro package name(s) that have the bug and if applicable the versions where it was fixed.

  3. also if available, file names where the scanner thinks it found the cve, to help understand possible false positives

To reproduce

  1. Configuration
  2. Client tool used
  3. Seen error

Expected behavior

No response

Screenshots

No response

Additional context

No response
@mikemccracken mikemccracken added the bug Something isn't working label Nov 2, 2023
@mikemccracken mikemccracken mentioned this issue Nov 2, 2023
Closed
@andaaron andaaron added the ui ZOT web-based UI related tasks label Nov 9, 2023
@laurentiuNiculae laurentiuNiculae mentioned this issue Nov 27, 2023
Closed
@andaaron andaaron linked a pull request Nov 28, 2023 that will close this issue
feat(cve): add reference url for cve project-zot/zot#2079
Closed
@andaaron andaaron removed a link to a pull request Nov 28, 2023
feat(cve): add reference url for cve project-zot/zot#2079
Closed
@andaaron
Copy link
Contributor

Backend side enhancement: project-zot/zot#2079
UI side will need a separate PR.

@andaaron
Copy link
Contributor

BE was actually updated in project-zot/zot#2086

@andaaron andaaron transferred this issue from project-zot/zot Dec 15, 2023
@Andreea-Lupu Andreea-Lupu mentioned this issue Feb 5, 2024
Merged
@andaaron
Copy link
Contributor

andaaron commented Feb 7, 2024

@mikemccracken we have an update, merged in #419 / project-zot/zot#2233

We could not obtain the file names, but the package names/versions, and reference URL have been added.
There is a field https://github.com/aquasecurity/trivy/blob/a96f66f176e512ffb029f2d421e2d77b805eb6ee/pkg/types/vulnerability.go#L14, but it is the path of the package, not and actual file in the package, and is not available for all package types.

@mikemccracken
Copy link
Author

current version looks like it resolves all of these, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@laurentiuNiculae laurentiuNiculae

@Andreea-Lupu Andreea-Lupu

Labels
bug Something isn't working ui ZOT web-based UI related tasks
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mikemccracken @andaaron @laurentiuNiculae @Andreea-Lupu