Bug
Resolution: Fixed
Major
None
StackRox Container Image Scanner 1.3.5
Hi all,
I used StackRox Container Image Scanner 1.3.5 to scan an image, for example the nginx:latest image.
When I run my pipeline it shows me a StackRox Report:
stage('Scan Image') {
    steps {
        script {
            echo "Scan image"
            // StackRox Jenkins plugin step; token and Central address come from pipeline environment variables
            stackrox (
                apiToken: "${ROX_API_TOKEN}",
                caCertPEM: '',
                enableTLSVerification: false,
                failOnCriticalPluginError: true,
                failOnPolicyEvalFailure: true,
                portalAddress: "${ROX_CENTRAL_ADDRESS}",
                imageNames: "docker.io/nginx:latest"
            )
        }
    }
}
I read the vulnerabilities report and saw that some components have the wrong severity.
COMPONENT | VERSION | CVE | FIXABLE | SEVERITY | CVSS SCORE | SCORE TYPE | LINK |
db5.3 | 5.3.28+dfsg1-0.8 | CVE-2019-8457 | LOW | FALSE | 9.8 | V3 | https://security-tracker.debian.org/tracker/CVE-2019-8457 |
For the same image, I scanned manually and saw a different severity for the db5.3 package.
[root@runner ~]# docker run -e ROX_API_TOKEN=$ROX_API_TOKEN -it quay.io/stackrox-io/roxctl -e central-stackrox.apps.ocp.testvn.click:443 --insecure-skip-tls-verify image scan --image docker.io/nginx:latest --output=table
Scan results for image: docker.io/nginx:latest
(TOTAL-COMPONENTS: 29, TOTAL-VULNERABILITIES: 64, LOW: 56, MODERATE: 0, IMPORTANT: 4, CRITICAL: 1)
-------------------------------------------------------------------------------------------------------------------------
COMPONENT | VERSION | CVE | SEVERITY | LINK |
-------------------------------------------------------------------------------------------------------------------------
db5.3 | 5.3.28+dfsg1-0.8 | CVE-2019-8457 | CRITICAL | https://security-tracker.debian.org/tracker/CVE-2019-8457 |
-------------------------------------------------------------------------------------------------------------------------
As you can see, it has severity CRITICAL. I think it is a bug.
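As an added consistency check (not code from the reporter, the plugin, or StackRox), the script below parses pipe-delimited rows in the plugin report's column layout and flags entries whose SEVERITY disagrees with the CVSS v3 score in the same row, which is exactly the db5.3 discrepancy shown above. The mapping of NVD's v3 score bands onto the LOW/MODERATE/IMPORTANT/CRITICAL labels seen in the roxctl output, and the sample rows, are assumptions made for this example.

```python
from __future__ import annotations

# Constructed sample in the plugin report's column layout (the second row is
# invented filler so the check has a consistent row to pass over).
SAMPLE_REPORT = """\
COMPONENT | VERSION | CVE | FIXABLE | SEVERITY | CVSS SCORE | SCORE TYPE | LINK |
db5.3 | 5.3.28+dfsg1-0.8 | CVE-2019-8457 | FALSE | LOW | 9.8 | V3 | https://security-tracker.debian.org/tracker/CVE-2019-8457 |
libfoo | 1.0-1 | CVE-EXAMPLE-0001 | TRUE | LOW | 3.1 | V3 | https://example.invalid/CVE-EXAMPLE-0001 |
"""


def cvss_v3_rating(score: float) -> str:
    """NVD qualitative rating for a CVSS v3.x base score, mapped onto the
    StackRox-style labels (assumed mapping: Medium->MODERATE, High->IMPORTANT)."""
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MODERATE"
    if score < 9.0:
        return "IMPORTANT"
    return "CRITICAL"


def parse_report(text: str) -> list[dict[str, str]]:
    """Turn 'a | b | c |' rows into dicts keyed by the header cells."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = [c.strip() for c in lines[0].strip().strip("|").split("|")]
    rows = []
    for ln in lines[1:]:
        cells = [c.strip() for c in ln.strip().strip("|").split("|")]
        rows.append(dict(zip(header, cells)))
    return rows


def find_severity_mismatches(text: str) -> list[tuple[str, str, str, str]]:
    """Return (cve, component, reported_severity, expected_severity) for rows
    whose qualitative severity does not match their CVSS v3 score band."""
    mismatches = []
    for row in parse_report(text):
        if row.get("SCORE TYPE", "").upper() != "V3":
            continue  # only the v3 bands are encoded above
        expected = cvss_v3_rating(float(row["CVSS SCORE"]))
        reported = row["SEVERITY"].upper()
        if reported != expected:
            mismatches.append((row["CVE"], row["COMPONENT"], reported, expected))
    return mismatches
```

Running it over the sample reports only the db5.3 row, LOW where a 9.8 score implies CRITICAL.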