Previously, the colors for the *Low* and *Medium* severity issues of the Image Manifest Vulnerabilities (IMVs) did not match the color representation shown in the (link:https://quay.io/[Quay.io]) interface. As a result, when the user changed the severity order of vulnerabilities to *High*, the IMVs ordered the issues incorrectly. This created confusion when reviewing the IMVs. The current release fixes this issue. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1942716[*BZ#1942716*])
Created attachment 1766032[details]
Console showing IMV resource with reversed colors
Description of problem:
Quay Container Security operator uses orange color to represent Low vulnerabilities and yellow to represent Medium, whereas Quay.io interface uses the opposite (which would be more expected.)
Version-Release number of selected component (if applicable):
4.4
How reproducible:
Always
Steps to Reproduce:
1. Install the Quay Container Security operator
2 .View the Status card on the Overview (Cluster) Dashboard, there should now be a Image Vulnerabilities status
3. View the image manifest vuln resource (if vulnerable images are found) by clicking the count of namespaces.
4. If the image manifest vuln resource contains both medium and low vulnerabilties, note the colors
Actual results:
Medium is yellow, Low is orange
Expected results:
Medium is orange, Low is yellow, as shown on quay.io
Additional info:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2021:2438
Created attachment 1766032 [details] Console showing IMV resource with reversed colors Description of problem: Quay Container Security operator uses orange color to represent Low vulnerabilities and yellow to represent Medium, whereas Quay.io interface uses the opposite (which would be more expected.) Version-Release number of selected component (if applicable): 4.4 How reproducible: Always Steps to Reproduce: 1. Install the Quay Container Security operator 2 .View the Status card on the Overview (Cluster) Dashboard, there should now be a Image Vulnerabilities status 3. View the image manifest vuln resource (if vulnerable images are found) by clicking the count of namespaces. 4. If the image manifest vuln resource contains both medium and low vulnerabilties, note the colors Actual results: Medium is yellow, Low is orange Expected results: Medium is orange, Low is yellow, as shown on quay.io Additional info: