docker / scout-cli

Docker Scout CLI
https://docker.com/products/docker-scout

docker scout skip not-fixed [feature request] #82

Closed zencircle closed 5 months ago

zencircle commented 6 months ago

I would like to request a feature for the scout CLI, where there is an option to skip vulnerabilities that do not have a fix.

See the example below:

docker scout cves python:3.11-slim
pip 23.2.1
pkg:pypi/pip@23.2.1

    ✗ MEDIUM CVE-2023-5752 [Improper Neutralization of Special Elements used in a Command ('Command Injection')]
      https://scout.docker.com/v/CVE-2023-5752
      Affected range : <23.3                                         
      Fixed version  : 23.3                                          
      CVSS Score     : 5.5                                           
      CVSS Vector    : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N  
...
pkg:deb/debian/gcc-12@12.2.0-14?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2022-27943
      https://scout.docker.com/v/CVE-2022-27943
      Affected range : >=12.2.0-14  
      Fixed version  : not fixed    

23 vulnerabilities found in 16 packages
  LOW       22  
  MEDIUM    1   
  HIGH      0   
  CRITICAL  0   

Out of the total 23 vulnerabilities, a fix is available for only 1, hence a command like docker scout cves --skip-nofix python:3.11-slim would be very useful.
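For readers who cannot rely on a CLI flag (for example, a pipeline that stores the plain-text report and filters it later), the following is an added example, not code from the Docker Scout project or from the issue author. It parses the text layout shown in the excerpt above and splits findings by whether a fixed version exists, which is exactly the "skip not-fixed" view requested. The sample report is constructed from the excerpt; the third entry uses a placeholder CVE id (CVE-0000-0001) only to make the grouping visible, and the parser assumes the field layout (`Affected range :`, `Fixed version :`) stays as shown.

```python
import re
from dataclasses import dataclass

# Constructed sample of `docker scout cves` text output, modelled on the
# excerpt in the issue. CVE-0000-0001 is a placeholder id, not a real CVE.
SAMPLE_OUTPUT = """\
pkg:pypi/pip@23.2.1

    ✗ MEDIUM CVE-2023-5752 [Improper Neutralization of Special Elements used in a Command ('Command Injection')]
      https://scout.docker.com/v/CVE-2023-5752
      Affected range : <23.3
      Fixed version  : 23.3
      CVSS Score     : 5.5
      CVSS Vector    : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

pkg:deb/debian/gcc-12@12.2.0-14?os_distro=bookworm&os_name=debian&os_version=12

    ✗ LOW CVE-2022-27943
      https://scout.docker.com/v/CVE-2022-27943
      Affected range : >=12.2.0-14
      Fixed version  : not fixed

    ✗ LOW CVE-0000-0001
      https://scout.docker.com/v/CVE-0000-0001
      Affected range : >=12.2.0-14
      Fixed version  : not fixed

23 vulnerabilities found in 16 packages
"""

# A package header is a bare package URL (purl) on its own line.
PURL_RE = re.compile(r"^pkg:\S+$")
# A finding line: "✗ <SEVERITY> <CVE id> [optional title]".
FINDING_RE = re.compile(r"^\s*✗\s+(CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED)\s+(CVE-\d{4}-\d+)")
# Indented "Key : value" detail lines under a finding.
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$")


@dataclass
class Finding:
    package: str
    severity: str
    cve: str
    affected_range: str = ""
    fixed_version: str = ""

    @property
    def has_fix(self) -> bool:
        # Scout prints "not fixed" when no fixed version is known.
        return self.fixed_version.strip().lower() not in ("", "not fixed")


def parse_scout_cves(text: str) -> list[Finding]:
    """Parse the plain-text report into Finding records, in report order."""
    findings: list[Finding] = []
    package = "?"
    current: Finding | None = None
    for line in text.splitlines():
        stripped = line.strip()
        if PURL_RE.match(stripped):
            package, current = stripped, None
            continue
        m = FINDING_RE.match(line)
        if m:
            current = Finding(package=package, severity=m.group(1), cve=m.group(2))
            findings.append(current)
            continue
        if current is not None:
            m = FIELD_RE.match(line)
            if m:
                key, value = m.group(1).lower(), m.group(2)
                if key == "affected range":
                    current.affected_range = value
                elif key == "fixed version":
                    current.fixed_version = value
    return findings


def only_fixed(findings: list[Finding]) -> list[Finding]:
    """Keep only findings that have an upgrade path (the requested filter)."""
    return [f for f in findings if f.has_fix]


def severity_summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, always reporting the four main levels."""
    counts = {s: 0 for s in ("CRITICAL", "HIGH", "MEDIUM", "LOW")}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    all_findings = parse_scout_cves(SAMPLE_OUTPUT)
    fixable = only_fixed(all_findings)
    print(f"{len(all_findings)} findings parsed, {len(fixable)} with a fix available")
    print("all:", severity_summary(all_findings), "fixable:", severity_summary(fixable))
    for f in fixable:
        print(f"  {f.severity:8} {f.cve:16} {f.package} -> upgrade to {f.fixed_version}")
```

Feed a saved report in via `parse_scout_cves(open(path).read())`; the unfixable findings are still available in the full list for tracking, they are just kept out of the actionable view.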

cdupuis commented 6 months ago

@zencircle did you try the --only-fixed command-line option?

cdupuis commented 5 months ago

Please re-open this if --only-fixed doesn't solve this for you.