Enrich Container Scanning report with more metadata
As we are enriching our SAST reports with more data, we can do the same with Container Scanning.
Currently, we only display the priority, the identifier (with a link on mitre.org), and the affected layer (ex: "debian:8"):
In the raw report, we can find more information, and it can be useful for the user, especially the impacted component (what Clair is naming a
<CVE_ID> in <library_name>
<CVE_ID> (if <library_name> is not available)
<library_name>:<library_version> is affected by <CVE_ID>.
<library_name> is affected by <CVE_ID>. (if library version is not provided)
<namespace> is affected by <CVE_ID>. (if library name is not provided)
- We do it correctly on backend (for Group Dashboard) but it seems that indeed all other places relying on frontend don't normalize the severity into our own set of values. We can check and fix that easily on frontend.
- Omit and do not show.
- In dashboard show `-` in the confidence column
Location / namespace:
- We currently show the namespace; we can improve by adding the image name and tag too.
- Include image name
- Omit. Not Applicable at the moment.
- Keep where applicable