vunnel
wip: rhel eus support
This PR adds the ability for vunnel to emit EUS-specific fix information from the Red Hat provider. It enables the following match distinctions:
# non-EUS - package is vulnerable
❯ grype -v --distro rhel:9 'pkg:rpm/redhat/kernel@5.14.0-427.50.2.el9_4?epoch=0' | rg -e NAME -e 53104
[0000] INFO grype version: [not provided]
[0000] INFO using distro: rhel:9
[0000] INFO found 2370 vulnerability matches across 1 packages
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
kernel 0:5.14.0-427.50.2.el9_4 0:5.14.0-503.23.2.el9_5 rpm CVE-2024-53104 High
# EUS - package is fixed
❯ grype -v --distro rhel:9.4-eus 'pkg:rpm/redhat/[email protected]_4?epoch=0' | rg -e NAME -e 53104
[0000] INFO grype version: [not provided]
[0000] INFO using distro: rhel:9.4-eus
[0000] INFO found 47 vulnerability matches across 1 packages
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
This change also depends on anchore/grype#2540 and anchore/grype-db#540.
When they're all in and released, it will fix anchore/grype#2446.