Hey, I think there is a problem with whitelists. In my case I am building my images via a gitlab-ci pipeline that is executed on a machine by a gitlab-runner. After that I scan the created image on that machine, which often throws CVEs regarding the underlying Linux kernel. While the image is built on this system, it will never run there but is deployed on another machine with a newer Linux kernel without the vulnerability. Because of this I would say we need something like a wildcard for Linux CVEs, like this
or maybe a switch to toggle this function, like:
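As an added illustration of the wildcard whitelist and the on/off switch discussed in the comment above (example code written for this page, not the scanner's own implementation or its whitelist syntax): the finding shape, the `package-glob:cve-glob` whitelist grammar, the `ignore_kernel` flag and the CVE identifiers are all assumptions constructed for the example. It filters a constructed scan report, reports what was suppressed so the suppression stays auditable, and returns the exit code a CI job would use.

```python
"""Whitelist filter for container scan findings with glob wildcards.

Added example, not any scanner's code. The report layout, the whitelist
grammar and the CVE ids are constructed placeholders for the demonstration.
"""
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    package: str   # package the scanner attributed the CVE to
    cve: str       # CVE identifier (placeholder values below)
    severity: str  # scanner severity label


# Constructed sample report, shaped like what a scan on the build host might
# produce: kernel-related packages alongside ordinary userland packages.
SAMPLE_REPORT = [
    Finding("linux", "CVE-0000-0001", "HIGH"),             # placeholder id
    Finding("linux-libc-dev", "CVE-0000-0002", "MEDIUM"),  # placeholder id
    Finding("openssl", "CVE-0000-0003", "HIGH"),           # placeholder id
    Finding("curl", "CVE-0000-0004", "LOW"),               # placeholder id
]

# Assumed package-name globs that the "ignore kernel CVEs" switch expands to.
KERNEL_PACKAGE_PATTERNS = ("linux", "linux-*")


def parse_whitelist(lines):
    """Parse whitelist lines into (package_glob, cve_glob) rules.

    Grammar (assumed for this example):
      CVE-0000-0001          -> that CVE in any package
      linux*:*               -> every CVE attributed to packages matching linux*
      openssl:CVE-0000-0003  -> that CVE only in that package
    '#' starts a comment; blank lines are ignored.
    """
    rules = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if ":" in line:
            pkg, cve = line.split(":", 1)
        else:
            pkg, cve = "*", line
        rules.append((pkg.strip() or "*", cve.strip() or "*"))
    return rules


def is_whitelisted(finding, rules):
    """True if any rule matches both the package glob and the CVE glob."""
    return any(
        fnmatch.fnmatchcase(finding.package, pkg)
        and fnmatch.fnmatchcase(finding.cve, cve)
        for pkg, cve in rules
    )


def filter_findings(report, whitelist_lines, ignore_kernel=False):
    """Split a report into (remaining, suppressed) findings.

    ignore_kernel is the toggle from the comment: when set, it appends the
    kernel package globs as wildcard rules so no whitelist file edit is needed.
    """
    rules = parse_whitelist(whitelist_lines)
    if ignore_kernel:
        rules += [(pkg, "*") for pkg in KERNEL_PACKAGE_PATTERNS]
    remaining, suppressed = [], []
    for finding in report:
        (suppressed if is_whitelisted(finding, rules) else remaining).append(finding)
    return remaining, suppressed


def pipeline_exit_code(remaining, fail_on=("CRITICAL", "HIGH")):
    """Non-zero if any unsuppressed finding is at a gating severity."""
    return 1 if any(f.severity in fail_on for f in remaining) else 0


if __name__ == "__main__":
    whitelist = ["openssl:CVE-0000-0003  # accepted risk, tracked elsewhere"]
    keep, dropped = filter_findings(SAMPLE_REPORT, whitelist, ignore_kernel=True)
    for f in dropped:
        print(f"suppressed {f.cve} in {f.package} ({f.severity})")
    for f in keep:
        print(f"open       {f.cve} in {f.package} ({f.severity})")
    raise SystemExit(pipeline_exit_code(keep))
```

Printing the suppressed findings alongside the open ones matters in practice: a wildcard such as `linux*:*` silently swallows anything future scans attribute to those packages, so the job log should show what the rule removed on every run.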