wip: rhel eus support #796

willmurphyscode · 2025-03-18T14:54:46Z

This PR adds the ability for vunnel to emit EUS-specific fix information from the red hat provider. It enables the following match distinctions:

# non-EUS - package is vulnerable
❯ grype -v --distro rhel:9 'pkg:rpm/redhat/kernel@5.14.0-427.50.2.el9_4?epoch=0' | rg -e NAME -e 53104
[0000]  INFO grype version: [not provided]
[0000]  INFO using distro: rhel:9
[0000]  INFO found 2370 vulnerability matches across 1 packages
NAME    INSTALLED                FIXED-IN                 TYPE  VULNERABILITY   SEVERITY   
kernel  0:5.14.0-427.50.2.el9_4  0:5.14.0-503.23.2.el9_5  rpm   CVE-2024-53104  High        
# EUS - package is fixed
❯ grype -v --distro rhel:9.4-eus 'pkg:rpm/redhat/kernel@5.14.0-427.50.2.el9_4?epoch=0' | rg -e NAME -e 53104
[0000]  INFO grype version: [not provided]
[0000]  INFO using distro: rhel:9.4-eus
[0000]  INFO found 47 vulnerability matches across 1 packages
NAME    INSTALLED                FIXED-IN                 TYPE  VULNERABILITY   SEVERITY

This change also depends on anchore/grype#2540 and anchore/grype-db#540.

When they're all in and released, it will fix anchore/grype#2446

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

wip: rhel eus support

82b5383

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

This was referenced Mar 18, 2025

wip: working distro flavors anchore/grype#2540

Draft

Feat distro flavors anchore/grype-db#540

Draft

willmurphyscode self-assigned this Mar 18, 2025

willmurphyscode added the enhancement New feature or request label Mar 18, 2025

willmurphyscode added this to OSS Mar 18, 2025

willmurphyscode moved this to In Progress in OSS Mar 18, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

wip: rhel eus support #796

wip: rhel eus support #796

wip: rhel eus support #796

Are you sure you want to change the base?

wip: rhel eus support #796

Conversation