Jfrog Xray: Violation shows fix version, but still reports as violation

Asked Aug 02 '23 at 13:17

Active Aug 02 '23 at 13:17

Viewed 27 times

I recently upgraded our docker image to the fix version shown for:

Upgrade To:

 8:sqlite-libs - 0:3.26.0-18.el8_8

And the component shows the correct version

Impacted Component: rpm://8:sqlite-libs:0:3.26.0-18.el8_8

But the violation still shows in the UI. Is this due to the:

Vulnerable Versions:

 8:sqlite-libs - All Versions

If so I will go about adding to ignore list.

I am expecting this to not show up in violations since I have the correct upgrade version.

asked Aug 02 '23 at 13:17

Ethan Lebioda

There are multiple vulnerabilities related sqlite-libs which affects All Versions. Violations will be generated for those if policy criteria matches for the vulnerabilities, in such case, you can use ignore rules accordingly. Add more information if it is reporting for any specific CVE which was fixed already. – sankar dunga Aug 04 '23 at 04:40

0 Answers0