Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2245943

Summary: The report "Host - Vulnerabilities" it's not working properly
Product: Red Hat Satellite Reporter: Waldirio M Pinheiro <wpinheir>
Component: SCAP PluginAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED NOTABUG QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.13.5CC: ahumbe, anerurka, aruzicka, casl, jbhatia, jlenz, mhulan, mkalyat, rlavi, sadas, saydas
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-03-14 14:50:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Waldirio M Pinheiro 2023-10-24 17:07:30 UTC 
Description of problem:
The report "Host - Vulnerabilities" it's not working properly, even with the content host presenting the errata + CVEs available, the report is still empty.

Version-Release number of selected component (if applicable):
6.13.z

How reproducible:
100%

Steps to Reproduce:
1. Sync the repos
2. Spin up a CH in GA version, in my test, rhel8.0
3. Register, upload the list of packages "dnf uploadprofile"
4. Check in the webUI, you will be able to see in errata the long list, you can filter by cve and this will present only the errata with CVE
5. Go to report template, and check in preview or click on the button to generate the report "Host - Vulnerabilities"

Actual results:
Empty list

Expected results:
List of CVEs associated to the content host

Additional info:
Comment 5 Jeremy Lenz 2023-12-12 15:14:21 UTC 
Hello Waldirio,

This report has an input, 'Without Errata Only.' It defaults to 'yes', and if set to yes, will only show CVEs with no errata attached.

If all of your CVEs have an errata, this may explain why the report is blank.

If you set this to 'No' and generate the report again, does it resolve the issue?
Comment 6 anerurka 2024-03-11 11:36:41 UTC 
(In reply to Jeremy Lenz from comment #5)
> Hello Waldirio,
> 
> This report has an input, 'Without Errata Only.' It defaults to 'yes', and
> if set to yes, will only show CVEs with no errata attached.
> 
> If all of your CVEs have an errata, this may explain why the report is blank.
> 
> If you set this to 'No' and generate the report again, does it resolve the
> issue?

Hi Jeremy,

Even if it's set to No the generated report is blank.
Comment 11 Adam Ruzicka 2024-03-14 08:56:03 UTC 
> Steps to reproduce:
> ...
> 4. Check in the webUI, you will be able to see in errata the long list, you can filter by cve and this will present only the errata with CVE

Where exactly is this in the webui?
Comment 13 Marek Hulan 2024-03-14 14:50:03 UTC 
I'm closing this bug as NOTABUG as this report was meant for OVAL scanning based data, which is still in tech preview mode and will be removed in future from Satellite. For getting the same information based on the Katello CVEs list, the Host - Available Errata should be used with the Errata filter set to "type = security". That gives the list of all security advisories with linked CVEs.