Open heiwu opened 2 years ago
Hey @heiwu, thanks for this report.
I was wondering about two things:
Hi @moio, thanks for your feedback! Currently most of our clients are SLES15 SP2. You are right, the CVE Audit feature would only help in case of any "famous" CVE that gets special attention. But if you could enhance that function to also report all CVEs that need to be fixed by patching client systems (even if their current channels first need to be synced), that would be great! I am thinking of implementing this maybe with
Today we also spoke to Jörg Bunse about this feature/request; maybe he can provide further information on this?
@heiwu I have on my to-do list a feasibility assessment - we need to make sure this is computationally feasible from a performance standpoint. Current CVE Audit searches take well under a second in normal circumstances, but just running that algorithm through the thousands of possible CVE numbers is necessarily going to take a long time.
I can also speak with Jörg, of course :wink:
Sure, scanning all CVEs would be really expensive. Maybe one way could be to just scan all of them the first time, save the result, and after that only scan "new" CVEs and systems (diff)? Another way could be to not only compare a system's package list to what its repos provide but also to what is available upstream? So if I have a SLES15 SP2 system in a CLM environment "prod", I would not only see which updates are available within my CLM prod channels but also those in SUSE's official upstream channels...
Hi all, @moio
any news on this one?
BR Heiner
The topic's importance hasn't really changed, but I also do not have any news for you today, sorry.
Please add notifications about staged (CLM) channels that need to be synced to distribute (security) patches
We are using content lifecycle management and would like to know which upstream channels have updates that are relevant to our systems before we sync those channels.
Details
Thanks for this great product! BR Heiner
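The two ideas in this thread (the feature request above and the comment proposing a diff-based scan and a comparison against upstream channels) sketched as a toy audit. This is an added example, not Uyuni/SUSE Manager code: it has no access to a real server, so systems, channels, patches, CVE ids and package versions are all constructed inline, the version comparison is a simplification of rpm's vercmp, and the channel "sync_from" link stands in for a CLM project's source channel. It reports, per system and CVE, whether a fix is already in the system's staged channel or only exists upstream (so the channel needs a sync), aggregates the latter per channel, and caches results keyed on a fingerprint of the inputs so a second run only recomputes what changed.

```python
"""Toy CVE audit with 'needs sync' detection and an incremental result cache.
Added example, not project code. All data below is constructed."""
import hashlib
import json
import re

# patch id -> CVEs it fixes and the package versions it ships (constructed)
PATCHES = {
    "PATCH-0001": {"cves": {"CVE-2020-0001"}, "pkgs": {"libfoo": "1.2.3-4.1"}},
    "PATCH-0002": {"cves": {"CVE-2020-0002"}, "pkgs": {"bar": "2.0.0-1.1"}},
    "PATCH-0003": {"cves": {"CVE-2020-0003"}, "pkgs": {"libfoo": "1.2.3-4.2"}},
}

# channel label -> patches it carries; sync_from = upstream channel it is built from
CHANNELS = {
    "sles15sp2-updates": {"patches": {"PATCH-0001", "PATCH-0002", "PATCH-0003"},
                          "sync_from": None},
    "prod-sles15sp2-updates": {"patches": {"PATCH-0001"},
                               "sync_from": "sles15sp2-updates"},
}

# system -> assigned (staged) channel and installed package versions
SYSTEMS = {
    "web01": {"channel": "prod-sles15sp2-updates",
              "installed": {"libfoo": "1.2.3-4.1", "bar": "1.9.0-1.1"}},
    "db01": {"channel": "prod-sles15sp2-updates",
             "installed": {"libfoo": "1.2.3-4.0", "baz": "0.1-1"}},
}

# statuses in descending priority: any affected finding beats "PATCHED"
PRIORITY = ["AFFECTED_PATCH_AVAILABLE", "AFFECTED_PATCH_NEEDS_SYNC",
            "AFFECTED_NO_PATCH", "PATCHED", "NOT_AFFECTED"]


def version_key(v):
    """Simplified rpm version ordering: numeric runs compare as ints."""
    parts = re.findall(r"\d+|[A-Za-z]+", v)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def audit_one(system_name, cve):
    """Classify one system against one CVE using its channel and its upstream."""
    system = SYSTEMS[system_name]
    chan = system["channel"]
    upstream = CHANNELS[chan]["sync_from"]
    findings = set()
    for pid, patch in PATCHES.items():
        if cve not in patch["cves"]:
            continue
        for pkg, fixed in patch["pkgs"].items():
            installed = system["installed"].get(pkg)
            if installed is None:
                continue  # package not installed: this patch is irrelevant here
            if version_key(installed) >= version_key(fixed):
                findings.add("PATCHED")
            elif pid in CHANNELS[chan]["patches"]:
                findings.add("AFFECTED_PATCH_AVAILABLE")
            elif upstream and pid in CHANNELS[upstream]["patches"]:
                findings.add("AFFECTED_PATCH_NEEDS_SYNC")  # fix exists, channel not synced
            else:
                findings.add("AFFECTED_NO_PATCH")
    return next((s for s in PRIORITY if s in findings), "NOT_AFFECTED")


def fingerprint(system_name):
    """Hash of the inputs a result depends on; patch metadata is assumed immutable."""
    system = SYSTEMS[system_name]
    chain = [system["channel"]]
    if CHANNELS[system["channel"]]["sync_from"]:
        chain.append(CHANNELS[system["channel"]]["sync_from"])
    blob = json.dumps({"installed": system["installed"],
                       "channels": {c: sorted(CHANNELS[c]["patches"]) for c in chain}},
                      sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()


class AuditCache:
    """Scan everything once, then recompute only (system, CVE) pairs whose inputs changed."""

    def __init__(self):
        self.results = {}      # (system, cve) -> (fingerprint, status)
        self.computations = 0  # how many real audits ran (for the demo)

    def audit(self, system_name, cve):
        key, fp = (system_name, cve), fingerprint(system_name)
        cached = self.results.get(key)
        if cached and cached[0] == fp:
            return cached[1]
        self.computations += 1
        status = audit_one(system_name, cve)
        self.results[key] = (fp, status)
        return status

    def run(self, cves):
        return {(s, c): self.audit(s, c) for s in SYSTEMS for c in cves}


def channels_needing_sync(report):
    """Staged channel -> CVEs that a sync from upstream would make fixable."""
    out = {}
    for (system, cve), status in report.items():
        if status == "AFFECTED_PATCH_NEEDS_SYNC":
            out.setdefault(SYSTEMS[system]["channel"], set()).add(cve)
    return out


if __name__ == "__main__":
    cache = AuditCache()
    all_cves = sorted({c for p in PATCHES.values() for c in p["cves"]})
    report = cache.run(all_cves)
    for key, status in sorted(report.items()):
        print(key, status)
    print("channels to sync:", channels_needing_sync(report))
    print("audits run:", cache.computations)
    cache.run(all_cves)  # second pass hits the cache for every pair
    print("audits run after re-scan:", cache.computations)
```

In this toy data, both systems sit on prod-sles15sp2-updates, which carries only PATCH-0001; the report flags CVE-2020-0002 and CVE-2020-0003 as fixable only after a sync from sles15sp2-updates, which is exactly the notification the issue asks for. A real implementation would also have to fold patch metadata and the full CLM project chain into the fingerprint, since a re-released patch must invalidate cached results.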