Bug 1768496 - Image security dashboard card should make it clear we only check images from quay
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: low
Target Milestone: ---
Target Release: 4.4.0
Assignee: Samuel Padgett
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On:
Blocks: 1779679
Reported: 2019-11-04 15:18 UTC by Samuel Padgett
Modified: 2020-05-04 11:15 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1779679 (view as bug list)
Environment:
Last Closed: 2020-05-04 11:14:43 UTC
Target Upstream Version:
Embargoed:


Attachments
dashboard (41.55 KB, image/png)
2019-12-16 03:59 UTC, shahan


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift console pull 3547 | 0 | 'None' | closed | Bug 1768496: Clarify message about Quay image scanning | 2020-05-01 12:38:28 UTC
Red Hat Product Errata | RHBA-2020:0581 | 0 | None | None | None | 2020-05-04 11:15:11 UTC

Description Samuel Padgett 2019-11-04 15:18:43 UTC
The dashboard card from the security operator plugin doesn't make it clear that it only scans images from quay. This could give users a false sense of security when it says there are no vulnerabilities. It's possible containers running images from other registries are vulnerable.

We should add a statement in the UI that only images from quay are scanned.

Comment 1 Samuel Padgett 2019-11-21 14:32:20 UTC
This is not release blocking. Moving to low severity.

Comment 2 Peter Kreuser 2019-11-22 19:55:36 UTC
Status text: Quay Image Security
Popover title: Quay Image Security breakdown (Breakdown can be dropped if too long.)
Popover description: Container images from quay are analyzed to identify vulnerabilities. Images from other registries will not be scanned.

Comment 4 shahan 2019-12-16 03:59:56 UTC
Created attachment 1645423
dashboard

Comment 5 shahan 2019-12-16 04:01:08 UTC
The text shows images scanned from quay
4.4.0-0.nightly-2019-12-15-184910

Comment 7 errata-xmlrpc 2020-05-04 11:14:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

