# neuvector-security
q
It might be that vulns for a distro that old are no longer being reported by the feed(s).
m
If that's the case I would expect ubuntu:16.04 to also not return any vulnerabilities.
docker run --rm neuvector/scanner -i ubuntu:16.04
2024-12-01T08:40:44|MON|Start scanner, pid=7
2024-12-01T08:40:44.394|INFO|SCN|container.Connect: - endpoint=unix:///var/run/docker.sock
2024-12-01T08:40:44.394|INFO|SCN|container.InitStubRtDriver:
2024-12-01T08:40:44.398|ERRO|SCN|orchestration.GetK8sVersion: Read File fail - tag=k8s, error=open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory
2024-12-01T08:40:44.401|ERRO|SCN|orchestration.GetK8sVersion: Read File fail - tag=oc, error=open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory
2024-12-01T08:40:44.401|INFO|SCN|main.main: Scan cacher maximum sizes - record=0
2024-12-01T08:40:44.401|INFO|SCN|common.LoadCveDb: Expand new DB - version=3.629
2024-12-01T08:41:05.092|INFO|SCN|main.scanOnDemand: registry - dockerRegistries.Contains(req.Registry) =false req.Registry= req.Repository=ubuntu
Image: https://registry.hub.docker.com/library/ubuntu:16.04
Base OS: ubuntu:16.04
Created at: 2021-08-31T01:21:30Z

Vulnerabilities: 246, HIGH: 83, MEDIUM: 126, LOW: 9, UNKNOWN: 28
q
What version of NeuVector are you running? I ask because this may be an issue with the buffer size in the Controller, and likely would have a fix in 5.3.1+
m
In the cluster we run 5.4.2, but I don't think it's related to the controller but rather the scanner. I was scanning using this command:
docker run --rm neuvector/scanner -i ubuntu:18.04
I've also tried deploying a pod in the cluster, but it returns the same result. I've also tried with an older scanner, since I first thought it was the vulndb. But even using a container from March returns 0 vulns.
q
Okay, yeah. Seeing same with Trivy, so 🤔 something else is going on. I know folks are looking into it.
m
I didn't check Trivy, I was using Grype to compare results. I assume this means that you're using Trivy to do the scanning?
q
No, it was just a sanity-check engineering did. 😉
While this is a lot of speculation on my part, the databases of CVEs keep growing and growing and growing, and at some point it wouldn't be surprising to see data for old platforms fall out of the back end. For example, it wouldn't be all that shocking to see certain tooling report back that scanning for CVEs on a platform that has been way out of support for a certain amount of time is no longer supported in and of itself.
m
Makes sense I guess; what's annoying is that 16.04 does show vulnerabilities 🙂 May I make a suggestion: have some sort of output explaining the results, just as Trivy does.
2024-12-05T06:54:25+01:00       WARN    This OS version is no longer supported by the distribution      family="ubuntu" version="16.04"
2024-12-05T06:54:25+01:00       WARN    The vulnerability detection may be insufficient because security updates are not provided

ubuntu:16.04 (ubuntu 16.04)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
q
A very good idea.
m
You want me to update the issue with the same statement?
q
Absolutely. Thank you. 🙂
m
No worries, thanks for taking the time to answer my questions! 🙂
q
And thank you for bringing feedback into the community.