docker / scout-cli

Docker Scout CLI
https://docker.com/products/docker-scout

Confusing results from docker scout cves on the fixed version vs the version that exists #62

Closed asankaf closed 8 months ago

asankaf commented 8 months ago

We tried executing docker scout cves on one of our docker images and got some confusing findings on the package shown in the screenshot here. We are using the latest non-vulnerable version of the package, as you can see from the version numbers (they are exactly the same), but docker scout cves still tells us that the vulnerability still exists.

[screenshot]

Any idea as to why it is behaving like that? Is it because of the existence of the revision number in the package version (v2.88.6.0 vs v2.88.6)?

/Asanka
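The mismatch asked about above, illustrated as an added example (this is not Docker Scout's code, and the thread does not confirm that this is the actual root cause): a scanner that matches installed versions against the "fixed in" version as exact strings flags 2.88.6.0 as still vulnerable, while a numeric, component-wise comparison that ignores trailing zero revision segments does not. The fixed and installed version strings are constructed sample data.

```python
"""Compare package versions numerically, component by component, treating
trailing zero segments as insignificant so that a package revision such as
2.88.6.0 is not reported as older than the fixed version 2.88.6.
Added illustration; not Docker Scout's own matching logic."""
import re

# Constructed sample: one fixed version and a few installed versions to triage.
FIXED_VERSION = "2.88.6"
INSTALLED = ["2.88.6", "2.88.6.0", "2.88.5", "2.88.6.1", "2.88.10"]


def parse_version(version: str) -> tuple[int, ...]:
    """Split a dotted version into integer components and drop trailing zeros,
    so "2.88.6.0" and "2.88.6" both parse to (2, 88, 6).  Only plain dotted
    integers are accepted; distro versions with epochs or suffixes (e.g.
    Debian's 1:2.88.6-1) need the distro's own comparison algorithm."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version syntax: {version!r}")
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_vulnerable_naive(installed: str, fixed: str) -> bool:
    """Exact-string matching against the fixed version: anything that is not
    literally the fixed string is flagged.  This hypothetical check reproduces
    the false positive in the report (2.88.6.0 != 2.88.6)."""
    return installed != fixed


def is_vulnerable(installed: str, fixed: str) -> bool:
    """Numeric comparison: vulnerable only if the installed version sorts
    strictly below the version that carries the fix."""
    return parse_version(installed) < parse_version(fixed)


def triage(installed_versions, fixed: str) -> dict[str, tuple[bool, bool]]:
    """Map each installed version to (naive verdict, numeric verdict) so the
    two approaches can be compared side by side."""
    return {v: (is_vulnerable_naive(v, fixed), is_vulnerable(v, fixed))
            for v in installed_versions}


if __name__ == "__main__":
    for version, (naive, numeric) in triage(INSTALLED, FIXED_VERSION).items():
        print(f"{version:10} naive={naive!s:5} numeric={numeric}")
```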

cdupuis commented 8 months ago

Thanks @asankaf for this report. I have an idea where this is coming from. Let us dig in. I’ll report back once we have a fix in place.

whostolebenfrog commented 8 months ago

Hi @asankaf, this should be resolved now. If you have a second I would appreciate you running it again to verify.

Thanks again for the detailed report!

asankaf commented 8 months ago

Hi @whostolebenfrog, I can confirm that the issue is fixed now.