whitelist known vulnerabilities in clair scanner until next centos se…

…rvice release

tests/centos7-clair-whitelist.yaml

@@ -0,0 +1,27 @@
+generalwhitelist:
+  RHSA-2019:2030: python
+  RHSA-2019:2237: nss-softokn
+  RHSA-2019:2237: nss-softokn-freebl
+  RHSA-2019:2118: glibc-common
+  RHSA-2019:2030: python-libs
+  RHSA-2019:2237: nspr
+  RHSA-2019:2075: binutils
+  RHSA-2019:2237: nss-sysinit
+  RHSA-2019:2118: glibc
+  RHSA-2019:2136: libssh2
+  RHSA-2019:2091: systemd
+  RHSA-2019:2189: procps-ng
+  RHSA-2019:2237: nss-util
+  RHSA-2019:2110: rsyslog
+  RHSA-2019:2057: bind-license
+  RHSA-2019:2091: systemd-libs
+  RHSA-2019:2304: openssl-libs
+  RHSA-2019:2237: nss
+  RHSA-2019:2237: nss-tools
+  RHSA-2019:2304: openssl-devel
+  RHSA-2019:2159: unzip
+  RHSA-2019:2181: libcurl
+  RHSA-2019:2197: elfutils-libs
+  RHSA-2019:2181: curl
+  RHSA-2019:2197: elfutils-libelf
+  RHSA-2019:2197: elfutils-default-yama-scope

tests/clairscan.sh

@@ -46,7 +46,8 @@ echo 'sending ip addr' ${clairip} 'to clair-scan server...'
 
 #run scan
 echo 'running scan...'
-./clair-scanner --ip ${clairip} $1
+./clair-scanner -w centos7-clair-whitelist.yaml --ip ${clairip} $1
+#./clair-scanner --ip ${clairip} $1
 retcode=$?
 
 #eval results