Adding severities to Alpine


celek ibm

Nov 29, 2023, 11:00:56 AM11/29/23
to clair-dev
Greetings :)

We all know there is no severity in Alpine vulnerabilities
to attempt to update the DB with the CVSS?
Does anyone have a link to the doc?

but maybe it is not the latest doc? (I see some TODO)

Thanks 

Joseph Crosland

Nov 29, 2023, 11:43:03 AM11/29/23
to clair-dev
Hi!

It's worth noting that the CVSS enricher will add enrichment data to the vulnerability report, not modify existing vulnerabilities in that report.

That said, depending on how you are running Clair you can ensure the CVSS enrichment updater is running by adding `clair.cvss` to the updater.sets array in the config (it is also a default updater so removing the stanza entirely will also result in the CVSS enrichment updater running).

celek ibm

Nov 30, 2023, 5:41:10 AM11/30/23
to clair-dev
Thank you - when you said
```
will add enrichment data to the vulnerability report
```
Do we have some info as to what data is added?

Joseph Crosland

Nov 30, 2023, 11:00:50 AM11/30/23
to clair-dev
Each enricher is free to define its own schema; in the case of the CVSS enricher the data added will look like this: https://github.com/quay/quay/blob/a9eaa380f1797c7303c34c0d51675134d095eb8e/data/secscan_model/test/vulnerabilityreport_withenrichments.json#L2112 with the key being the vulnerability ID and the value being an array of associated CVSS scores.

celek ibm

Dec 1, 2023, 8:04:35 AM12/1/23
to clair-dev
oh thanks, so the enricher only appears in the report - it does not add anything into any DB, right?

Joseph Crosland

Dec 1, 2023, 10:37:06 AM12/1/23
to celek ibm, clair-dev
The enrichment updater adds rows to the enrichment table, from there they are queried during matching time, e.g.:
* The CVSS enrichment updater runs and reaches out to the NVD API
* Clair(core) saves CVE-2023:123's CVSS score in the DB in the enrichment table
* A vulnerability report is requested and it contains a vulnerability related to CVE-2023:123
* The enricher will add an entry for that vulnerability/CVSS score in the enrichments section of the report

Hope this helps,
Crozzy

--
You received this message because you are subscribed to the Google Groups "clair-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to clair-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/clair-dev/c1792ff6-2856-4ae5-8734-0817853781a0n%40googlegroups.com.
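As an added example (not Clair's own code, and not written by anyone in this thread), the following Python script shows what a consumer of the report can do with the flow Crozzy describes: the enrichments section sits beside the vulnerabilities rather than inside them, keyed by enricher type, and each `clair.cvss` entry maps a vulnerability ID to an array of CVSS scores. The script reads that section and fills in a normalized severity, using the NVD v3 qualitative ranges, for vulnerabilities such as Alpine's that arrive with severity `Unknown`. The sample report is constructed; the exact enrichment key string, the CVSS object fields (`baseScore`, `vectorString`, `baseSeverity`), the list-of-maps layout and the `severity_source` field the script adds are assumptions modelled on the linked test fixture, not taken from a live Clair report.

```python
import json

# Constructed sample of a Clair v4 vulnerability report, trimmed to the fields
# this example needs. The enrichment key and CVSS object layout are assumptions
# modelled on the fixture linked in the thread (vulnerability ID -> list of CVSS
# scores); the IDs, CVE names and scores are made up.
SAMPLE_REPORT = json.loads("""
{
  "manifest_hash": "sha256:constructed-example-hash",
  "vulnerabilities": {
    "101": {"id": "101", "name": "CVE-2023-0001",
            "updater": "alpine-main-v3.18-updater",
            "severity": "Unknown", "normalized_severity": "Unknown"},
    "102": {"id": "102", "name": "CVE-2023-0002",
            "updater": "alpine-main-v3.18-updater",
            "severity": "Unknown", "normalized_severity": "Unknown"},
    "103": {"id": "103", "name": "RHSA-2023:9999",
            "updater": "RHEL8-rhel-8-including-unpatched",
            "severity": "Important", "normalized_severity": "High"}
  },
  "enrichments": {
    "message/vnd.clair.map.vulnerability; enricher=clair.cvss schema=https://csrc.nist.gov/schema/nvd/feed/1.1/cvss-v3.x_beta.json": [
      {
        "101": [{"version": "3.1",
                 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                 "baseScore": 9.8, "baseSeverity": "CRITICAL"}],
        "102": [{"version": "3.1",
                 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                 "baseScore": 3.3, "baseSeverity": "LOW"}]
      }
    ]
  }
}
""")


def cvss_severity(base_score):
    """Map a CVSS v3 base score to the NVD qualitative rating."""
    if base_score == 0.0:
        return "None"
    if base_score < 4.0:
        return "Low"
    if base_score < 7.0:
        return "Medium"
    if base_score < 9.0:
        return "High"
    return "Critical"


def cvss_by_vulnerability(report):
    """Collect clair.cvss enrichment entries as {vulnerability_id: [cvss objects]}.

    Only enrichment types whose key names the clair.cvss enricher are read, so
    data from other enrichers sharing the section is ignored.
    """
    merged = {}
    for enrichment_type, entries in report.get("enrichments", {}).items():
        if "enricher=clair.cvss" not in enrichment_type:
            continue
        # Assumed layout: a list of maps, each keyed by vulnerability ID.
        # A bare map is tolerated as well.
        if isinstance(entries, dict):
            entries = [entries]
        for entry in entries:
            for vuln_id, scores in entry.items():
                merged.setdefault(vuln_id, []).extend(scores)
    return merged


def fill_severity_from_cvss(report):
    """Return a copy of the vulnerabilities map with Unknown severities filled in.

    The report itself is left untouched, matching Clair's own behaviour: the
    enricher only adds data beside the vulnerabilities. Where several CVSS
    scores exist for one vulnerability the highest base score wins.
    """
    cvss = cvss_by_vulnerability(report)
    filled = {}
    for vuln_id, vuln in report.get("vulnerabilities", {}).items():
        vuln = dict(vuln)
        if vuln.get("normalized_severity", "Unknown") == "Unknown" and vuln_id in cvss:
            best = max(cvss[vuln_id], key=lambda s: float(s.get("baseScore", 0.0)))
            vuln["normalized_severity"] = cvss_severity(float(best["baseScore"]))
            vuln["severity_source"] = "clair.cvss"   # hypothetical field added here
            vuln["cvss_vector"] = best.get("vectorString")
        filled[vuln_id] = vuln
    return filled


if __name__ == "__main__":
    print(json.dumps(fill_severity_from_cvss(SAMPLE_REPORT), indent=2))
```

If the enrichments section of a real report is empty, the thread's earlier advice applies: check that `clair.cvss` is in the updater sets (it is a default) and that the enrichment updater has actually run against the NVD API, since the scores are served from the enrichment table at match time.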