jerbia
commented
4 years ago Hi @Mel-Github Can you provide reproduction steps? How did you upload the report to the Aqua Console?
Would it be possible to add a screenshot of the scan results?
Open Mel-Github opened 4 years ago
jerbia
commented
4 years ago Hi @Mel-Github Can you provide reproduction steps? How did you upload the report to the Aqua Console?
Would it be possible to add a screenshot of the scan results?
Devops-continens
commented
4 years ago Hi Jerbia
I have attached 2 documents that I have also submitted into support ticket previously. Apparently microscanner seems to "group" critical vulnerabilities under the "high" category. The attached snapshot shows the scan result using microscanner vs image scanned in Aqua CSP. Archive.zip
I performed a microscanner scan against one of my repository image. I notice that the MicroScanner report is differ from the report that I have registered inside the Aqua console.
I have 2 set of scan report (1 set directly from the MicroScanner output and 1 set generate from rest API). These 2 sets of report does not have any critical vulnerability, the report detected total of 5 high severity vulnerabilities.
However, once this report has been uploaded into Aqua console, the Aqua console has moved one of the high severity vulnerability into "critical" and 4 high severity vulnerabilities.
Somehow one of high vulnerability has been upgraded to "critical" inside Aqua console.