Be able to fail if higher severity CVEs are found than the one specified in clair_output #126
As it stands now, clair will only fail if the number of CVEs found is greater than the threshold, but there is also clairout, which shows the CVEs we are interested in.
But we wanted to have a combination of these two. Say we have 4 high ones and 1 critical one (total 5).
If we have set the threshold limit to 6 and clairout to high, we were under the impression that it would pass up to 6 high-prio CVEs, but if any criticals are observed we don't want to pass that.
So we make sure that if any CVEs are observed beyond what is specified in clairout, then the pipeline will fail, no matter whether the threshold is met or not. If higher-prio CVEs are not seen, then the threshold would still act to fail or move the pipeline forward.
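The gating rule described above, next to the threshold-only behaviour it replaces, as an added example that is not code from this pull request. The function names, the finding records and the severity scale (Clair's usual names) are assumptions made for the illustration.

```python
# Added illustration, not code from the pull request. Severity names follow
# Clair's scale (assumed here); the finding records are constructed samples.
SEVERITIES = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]
RANK = {name.lower(): i for i, name in enumerate(SEVERITIES)}


def rank(severity):
    # Fail closed: an unrecognised label on a finding ranks above every known one.
    return RANK.get(str(severity).strip().lower(), len(SEVERITIES))


def floor_for(clair_output):
    # A mistyped clair_output must not silently disable the gate.
    key = str(clair_output).strip().lower()
    if key not in RANK:
        raise ValueError(f"unknown clair_output severity: {clair_output!r}")
    return RANK[key]


def threshold_only_gate(findings, clair_output, threshold):
    """Behaviour described as current: only the count is compared to the threshold."""
    floor = floor_for(clair_output)
    counted = [f for f in findings if rank(f["severity"]) >= floor]
    return len(counted) <= threshold, f"{len(counted)} counted, threshold {threshold}"


def combined_gate(findings, clair_output, threshold):
    """Behaviour proposed: any finding above clair_output fails outright."""
    floor = floor_for(clair_output)
    above = [f["id"] for f in findings if rank(f["severity"]) > floor]
    if above:
        return False, f"above {clair_output}: " + ", ".join(above)
    at_level = [f for f in findings if rank(f["severity"]) == floor]
    return len(at_level) <= threshold, f"{len(at_level)} at {clair_output}, threshold {threshold}"


def sample(high, critical=0):
    # Constructed findings with placeholder identifiers.
    rows = [{"id": f"EXAMPLE-HIGH-{i}", "severity": "High"} for i in range(high)]
    rows += [{"id": f"EXAMPLE-CRIT-{i}", "severity": "Critical"} for i in range(critical)]
    return rows


if __name__ == "__main__":
    for label, findings in [("4 High + 1 Critical", sample(4, 1)),
                            ("6 High", sample(6)), ("7 High", sample(7))]:
        print(label, threshold_only_gate(findings, "High", 6),
              combined_gate(findings, "High", 6))
```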