Tell us about your request
I would like a CVE feed that will match SBOM entries for software manually installed in DOI.
Which service(s) is this request for?
Docker Official Images
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Scout will not match manually installed software since the CVE feeds it uses match specifically packaged software, e.g., the Debian feed only matches Debian packages. Therefore, we need to provide a feed that will match the SBOM entries mapping to software manually installed in DOI.
Are you currently working around the issue?
We are using other third party CVE scanners for DOI images.
Tell us about your request I would like a CVE feed that will match SBOM entries for software manually installed in DOI.
Which service(s) is this request for? Docker Official Images
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? Scout will not match manually installed software since the CVE feeds it uses match specifically packaged software, e.g., the Debian feed only matches Debian packages. Therefore, we need to provide a feed that will match the SBOM entries mapping to software manually installed in DOI.
Are you currently working around the issue? We are using other third party CVE scanners for DOI images.
Additional context N/A