Allow Kubescape image scan to have an allowed exception/CVE list #1564

Open
LiamMccafferty-bud opened this issue Dec 20, 2023 · 2 comments · May be fixed by #1568
Labels
feature New feature or request

Comments

LiamMccafferty-bud commented Dec 20, 2023

Currently Kubescape scan image does not allow us to whitelist CVEs which we accept. This can be useful when wanting to use Kubescape as a quality gate but don't want to be blocking deployments due to upstream having not yet provisioned a patch, or it being decided to be a won't-fix.

Currently any CVE which reaches the required level, e.g. critical, causes Kubescape to return non-0. This can be a pain when the actual project has prioritised this as a low impact or a won't-fix. E.g. CVE-2023-23914 is marked as critical, however Curl has marked it as a low priority. This vuln only applies to a specific use case of Curl which you may or may not be using.

I would love to be able to pass a list of accepted CVEs I am aware of and accept the risk of deploying, and only cause Kubescape to return non-0 if a CVE not in this list and of the correct level is found.

@LiamMccafferty-bud LiamMccafferty-bud added the feature New feature or request label Dec 20, 2023
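
The gate behaviour requested above, sketched as an added example that is not Kubescape's code or the change in #1568: `Finding`, `Gate`, `norm` and the severity ranking are hypothetical, and every CVE ID other than CVE-2023-23914 is a constructed placeholder. Beyond the request, it also returns accepted IDs that matched no finding, so stale exceptions can be pruned.

```go
package main

import (
	"fmt"
	"strings"
)

type Finding struct{ ID, Severity string } // hypothetical scan result, not a Kubescape type

var rank = map[string]int{"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4} // assumed ordering
func norm(id string) string { return strings.ToUpper(strings.TrimSpace(id)) }

// Gate returns the findings that should fail the build (at or above threshold
// and not on the accepted list) plus accepted IDs that matched no finding.
func Gate(findings []Finding, threshold string, accepted []string) ([]Finding, []string, error) {
	floor, ok := rank[strings.ToLower(threshold)]
	if !ok {
		return nil, nil, fmt.Errorf("unknown severity threshold %q", threshold)
	}
	seen := map[string]bool{} // accepted ID -> matched a finding?
	for _, id := range accepted {
		seen[norm(id)] = false
	}
	delete(seen, "") // a blank list entry must never accept anything
	var blocking []Finding
	for _, f := range findings {
		sev, known := rank[strings.ToLower(f.Severity)]
		if !known {
			sev = rank["critical"] // fail closed on an unrecognised severity
		}
		if _, isAccepted := seen[norm(f.ID)]; isAccepted {
			seen[norm(f.ID)] = true
		} else if sev >= floor {
			blocking = append(blocking, f)
		}
	}
	var unused []string
	for id, matched := range seen {
		if !matched {
			unused = append(unused, id)
		}
	}
	return blocking, unused, nil
}

func main() {
	findings := []Finding{{"CVE-2023-23914", "Critical"}, {"CVE-0000-0001", "Critical"}, {"CVE-0000-0002", "Low"}} // constructed
	fmt.Println(Gate(findings, "critical", []string{"cve-2023-23914", "CVE-0000-9999"}))
}
```

A CI wrapper would exit non-zero only when the first return value is non-empty.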
VaibhavMalik4187 added a commit to VaibhavMalik4187/kubescape that referenced this issue Dec 31, 2023
This commit introduces the "exceptions" flag in the scan image command.
Using this flag, the user can pass a list of vulnerabilities to ignore
while scanning an image.

Fixes: kubescape#1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
VaibhavMalik4187 added a commit to VaibhavMalik4187/kubescape that referenced this issue Dec 31, 2023
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag.

Fixes: kubescape#1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
VaibhavMalik4187 added a commit to VaibhavMalik4187/kubescape that referenced this issue Jan 2, 2024
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag.

Fixes: kubescape#1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
VaibhavMalik4187 added a commit to VaibhavMalik4187/kubescape that referenced this issue Jan 3, 2024
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag. Also added tests for the same.

Fixes: kubescape#1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
VaibhavMalik4187 added a commit to VaibhavMalik4187/kubescape that referenced this issue Jan 9, 2024
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag. Also added tests for the same.

Fixes: kubescape#1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
@slashben
Contributor

Awesome feature request!

@dwertent
Contributor

Please see the comments in #1568

VaibhavMalik4187 added a commit to VaibhavMalik4187/kubescape that referenced this issue Jan 13, 2024
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag. Also added tests for the same.

Fixes: kubescape#1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
VaibhavMalik4187 added a commit to VaibhavMalik4187/kubescape that referenced this issue Jan 16, 2024
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag. Also added tests for the same.

Fixes: kubescape#1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
VaibhavMalik4187 added a commit to VaibhavMalik4187/kubescape that referenced this issue Jan 18, 2024
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag. Also added tests for the same.

Fixes: kubescape#1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
VaibhavMalik4187 added a commit to VaibhavMalik4187/kubescape that referenced this issue Feb 8, 2024
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag. Also added tests for the same.

Fixes: kubescape#1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>