Closed Xeroxxx closed 6 months ago
Thanks for the report. Yes, it is probably the cause. @DmitriyLewen Can you please take a look?
Thank you for this extensive analysis. It explains everything for us. We currently have the same false-positive message for all our services.
I think that helps a lot for a quick fix!
This is an issue for Trivy. For this task I created https://github.com/aquasecurity/trivy/issues/6294.
Regards, Dmitriy
Amazon Linux has been flagged as EOL for 2 days now.
Reason seems to be a change of the version schema in /etc/*elease files. Changing from Amazon Linux 2023 to Amazon Linux release 2023.3.20240304 (dynamic).
Reproduce:
- Pull Image Amazon Linux 2023 from ECR (latest)
- Pull Image Amazon Linux 2023 from DockerHub (older)
Error Message: ERROR Detected EOL OS: amazon 2023.3.20240304 (Amazon Linux)
Code to blame: https://github.com/aquasecurity/trivy-db/blob/db9bf07792afba73dceb20b99723c8af007da1f8/pkg/vulnsrc/amazon/amazon.go#L98
Proposal: Check first digits till dividing dot match targetVersion (for 2023 and newer) or check "VERSION" (present in 2 and 2023)
NEW vs OLD:
Thank you
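The proposal in the report above, as an added Go example (not code from Trivy or trivy-db): reduce the detected version string to its major release before the EOL lookup, so that `2023.3.20240304` resolves to the same entry as `2023`. The helper names, the EOL dates and the sample version strings are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// eolDates is a constructed lookup table keyed by major release.
// The dates are placeholders for this example, not vendor-published values.
var eolDates = map[string]time.Time{
	"1":    time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
	"2":    time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC),
	"2023": time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC),
}

// majorRelease (hypothetical helper) maps a detected version string to an
// eolDates key by looking only at the digits before the first dot.
func majorRelease(osVer string) string {
	fields := strings.Fields(osVer) // drops suffixes such as " (Karoo)"
	if len(fields) == 0 {
		return ""
	}
	n, err := strconv.Atoi(strings.SplitN(fields[0], ".", 2)[0])
	switch {
	case err != nil:
		return "" // not a numeric version: report as unknown, not as EOL
	case n >= 2023:
		return strconv.Itoa(n) // "2023.3.20240304" -> "2023"
	case n == 2:
		return "2"
	default:
		return "1" // date-style versions such as "2018.03"
	}
}

// supported returns (still supported, release known to the table).
func supported(osVer string, now time.Time) (bool, bool) {
	eol, ok := eolDates[majorRelease(osVer)]
	return ok && now.Before(eol), ok
}

func main() {
	now := time.Date(2024, 3, 6, 0, 0, 0, 0, time.UTC) // constructed scan date
	for _, v := range []string{"2023", "2023.3.20240304", "2 (Karoo)", "2018.03"} {
		ok, known := supported(v, now)
		fmt.Printf("%-18q major=%-6q supported=%v known=%v\n", v, majorRelease(v), ok, known)
	}
}
```

Returning "known" separately from "supported" lets a scanner warn about an unrecognised version format instead of reporting it as end-of-life.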