Closed snooyen closed 2 weeks ago
Hello, thank you for reaching out. We are confirming receipt of your issue. We will begin investigating and will report back after we've triaged the issue.
@snooyen may I ask you to send us the complete inspector_scan.json
file?
I would like to trace the file in detail to see where the critical is coming from.
You can email it to us at inspector-opensource@amazon.com
or you can cut a ticket through AWS if you have a support plan:
https://aws.amazon.com/contact-us/
@bluesentinelsec I've sent you the complete scan JSON to inspector-opensource@amazon.com
! Thanks!
@snooyen we have identified the issue and we are working on a fix. We will notify you when a fix is available.
@snooyen our fix has been implemented within the Amazon Inspector service. The issue should resolve on your end without you needing to do anything. Can you please confirm whether your issue is resolved?
I'm going to mark this issue as resolved. Please re-open the issue if your problem is not resolved to your satisfaction.
Description
The scan action is reporting a critical vulnerability, but we are unable to identify which vulnerability received a
critical
rating through either the MarkDown summary or the uploaded scan results (JSON format).Expected Behavior
If the scanning tool reports critical vulnerabilities found, we'd expect to be able to identify which the critical vulnerability and resolve it to the relevant component.
Actual Behavior
MarkDown Summary:
Steps to Reproduce
Run Inputs:
We cannot provide you with our container image, but you can refer to the included scan MarkDown summary or attached scan result JSON file (components list removed).
inspector_scan_10479608527.json