Closed willmurphyscode closed 1 month ago
Looks like I'll need to also fix the wofli issue in this PR:
Running relative comparison...
Results used:
├── 5cadc426-434a-4bb4-a832-3f71aaa5b16b : grype[custom-db]@v0.77.4 against cgr.dev/chainguard/wolfi-base@sha256:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507
└── 1b4d8c15-7c74-43e7-a770-b79f2045544e : grype@v0.77.4 against cgr.dev/chainguard/wolfi-base@sha256:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507
Running comparison against labels...
Results used:
├── 5cadc426-434a-4bb4-a832-3f71aaa5b16b : grype[custom-db]@v0.77.4 against cgr.dev/chainguard/wolfi-base@sha256:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507
└── 1b4d8c15-7c74-43e7-a770-b79f2045544e : grype@v0.77.4 against cgr.dev/chainguard/wolfi-base@sha256:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507
Match differences between tooling (with labels):
TOOL PARTITION PACKAGE VULNERABILITY LABEL COMMENTARY
grype[custom-db]@v0.77.4 ONLY zlib@1.2.12-r2 GHSA-mq29-j5xf-cjwr (unknown)
I think we need to label GHSA-mq29-j5xf-cjwr for cgr.dev/chainguard/wolfi-base@sha256:be3834598c3c4b76ace6a866edcbbe1fa18086f9ee238b57769e4d230cd7d507
Otherwise the quality gate will keep failing.
Addresses one of the problems mentioned in https://github.com/anchore/vunnel/issues/583.
The namespace is coming up now.
Manual testing done on
main
:make dev provider=alpine
make update-db