aquasecurity / fanal

Static Analysis Library for Containers
Apache License 2.0

feat(mariner): added support for CBL-Mariner Distroless v2.0 #552

Closed DmitriyLewen closed 2 years ago

DmitriyLewen commented 2 years ago

Description

CBL-Mariner Distroless doesn't have a package manager. The /var/lib/rpmmanifest/container-manifest-2 file is used to get packages.

eric-desrochers commented 2 years ago

Will https://aquasecurity.github.io/trivy/latest/docs/vulnerability/distributions/ also reflect the changes once approved/merged?

knqyf263 commented 2 years ago

@eric-desrochers Yes. We saw the manifest update in CBL-Mariner Distroless 2.0, but didn't see it in CBL-Mariner Distroless 1.0. Do you have a plan?

eric-desrochers commented 2 years ago

Thanks @knqyf263. I just checked the source code, and you are right, the RPM queries aren't found in 1.0. I'll check this out with the Mariner dev and will get back to you. For now, support for Distroless 2.0 would be the priority anyway.

knqyf263 commented 2 years ago

Thanks.

eric-desrochers commented 2 years ago

Mariner dev should make the RPM query available in the next Mariner 1.0 image release (~1 month from now). I'll keep you posted once we have it ready for you to support.

knqyf263 commented 2 years ago

@DmitriyLewen Could you merge the main branch?

DmitriyLewen commented 2 years ago

@knqyf263 Done!