
Handle existing resolved ocs vulns

Shao Ming Tan requested to merge smtan/handle-existing-resolved-ocs-vulns into master

What does this MR do and why?

This MR fixes OCS vulns that were previously resolved but are... (#488141 - closed)

OCS vulns that were previously resolved but are detected again are not set as detected

When an existing OCS vuln is detected again, this fix checks its status. If the status is resolved, it updates it to detected. For all other states, the vuln status remains unchanged.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before: When a resolved vulnerability has been detected again, its status would not be updated to Detected

After: Vulnerability status is updated to Detected

Before After
Screenshot 2024-09-23 at 2.36.00 PM.png Screenshot 2024-09-23 at 2.31.41 PM.png

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Set up OCS locally
  2. Run an OCS scan on a namespace containing a vulnerable pod
  3. Visit the Vulnerability Report and note the number of vulns.
  4. Resolve all the detected vulns.
  5. Run the OCS scan again
  6. Visit the Vulnerability Report dashboard and note that the vulns are marked as detected again
Edited by Shao Ming Tan
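
The state handling described in this MR, as an added Ruby example; it is not code from the MR or from GitLab. The `Vuln` struct, `ingest_scan`, `sample_store`, the uuid keys, and the use of `confirmed` and `dismissed` to stand in for "all other states" are assumptions made for illustration.

```ruby
# Added illustration, not GitLab's code. All names here are hypothetical.
Vuln = Struct.new(:uuid, :state)

DETECTED = 'detected'
RESOLVED = 'resolved'

# store:    Hash of uuid => Vuln, the vulnerabilities ingested by earlier scans
# findings: Array of uuids reported by the current scan
# Returns a Hash listing which uuids were created, reopened, or left unchanged.
def ingest_scan(store, findings)
  result = { created: [], reopened: [], unchanged: [] }
  findings.uniq.each do |uuid|
    existing = store[uuid]
    if existing.nil?
      # First time this finding is seen: record it as detected.
      store[uuid] = Vuln.new(uuid, DETECTED)
      result[:created] << uuid
    elsif existing.state == RESOLVED
      # Previously resolved but reported again: surface it as detected.
      existing.state = DETECTED
      result[:reopened] << uuid
    else
      # Any other state (assumed here: detected, confirmed, dismissed)
      # reflects a triage decision or is already open; leave it alone.
      result[:unchanged] << uuid
    end
  end
  result
end

# Constructed sample data: one vulnerability per state, plus a resolved
# one that the next scan will not report.
def sample_store
  [%w[v-resolved resolved], %w[v-dismissed dismissed],
   %w[v-confirmed confirmed], %w[v-absent resolved]]
    .to_h { |uuid, state| [uuid, Vuln.new(uuid, state)] }
end

store = sample_store
report = ingest_scan(store, %w[v-resolved v-dismissed v-confirmed v-new])
puts report.inspect
store.each_value { |v| puts "#{v.uuid}: #{v.state}" }
```

A resolved vulnerability that the scan does not report again (`v-absent`) stays resolved; only re-detection moves it back to detected.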
