Red Hat Bugzilla – Bug 1464410
CloudForms Container Scanner is delivering false results - RHSA-2017:0372: kernel-aarch64 security and bug fix update (Important)
Last modified: 2018-02-28 21:15:32 EST
Description of problem:
CloudForms does offer a Container Scanner functionality with OpenSCAP. This is currently broken as we get false positives.
Scanning a Ruby Container Image that is based on rhscl/ruby-23-rhel7 builder image release 6.9.
This is listed as having no Advisories today in our Red Hat Container Catalog.
However the OpenSCAP based Container Scanner keeps finding this :
RHSA-2017:0372: kernel-aarch64 security and bug fix update (Important)
This is not relevant and thus the scanner is broken.
Version-Release number of selected component (if applicable):
CF 4.5 and OCP 3.5
Build a test workload with the latest ruby 23 builder image.
Run the poliy check.
No Advisories found.
As we are running on x86 this should not matter at all.
Please assess the impact of this issue and update the severity accordingly. Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.
If it's something like a tracker bug where it doesn't matter, please set it to Low/Low.
This is essentially blocking practial usefulness of Container Scanns. You always get on high priority false positive. It is important that this is fixed quickly.
(In reply to Lutz Lange from comment #7)
> This is essentially blocking practial usefulness of Container Scanns. You
> always get on high priority false positive. It is important that this is
> fixed quickly.
Even if we keep this BZ for tracking purpose (as you see it is TestOnly) the real fix will happen in bug 1444716.
So for the real prioritization please refer to bug 1444716.
Currently there's nothing for us to fix here.
Postponing as this BZ is just for tracking progress of bug 1444716.
Openscap was tested and is verified.