False positives on RedHat images after Prisma Cloud Compute v34.02 upgrade
Symptom
• Upon upgrade to PCCE v34.02 and greater, RedHat-based images may show false positive detections.
Environment
• Prisma Cloud Enterprise Edition (SaaS)
• Prisma Cloud Compute Edition (v34.02.XXX+)
• RedHat Linux-based images
Cause
Quinn Update 2 (PCCE v34.02) changed our scanning procedure at the request of RedHat. Instead of preferring rhelRepoRelativeURLS (from /etc/yum.repos.d/) to match CPEs, we now match using contentSets / rhelRepos (from /root/buildinfo/content_manifests/). If there is no information in /root/buildinfo/content_manifests/, we match against all available security advisories.
For example, a package will be evaluated against both RHSA-2019:0981 and RHSA-2019:0997, because without the content sets we cannot determine which one properly applies. The ultimate cause of the false positives is the lack of content set information in some older base images provided by RedHat.
Resolution
• If the latest version of the RedHat base image has been fixed to contain the appropriate content sets in /root/buildinfo/content_manifests/, you may update the base image accordingly to resolve the issue.
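One way to check whether a given base image carries content set information before and after updating it. This is an added example, not Prisma Cloud or RedHat code. It assumes the image filesystem has been unpacked to a local directory and that each manifest is a JSON object with a "content_sets" list; the function names are hypothetical.

```python
import json
import sys
from pathlib import Path

# Path named on this page, relative to the image's root filesystem.
MANIFEST_DIR = Path("root/buildinfo/content_manifests")


def content_sets_in_rootfs(rootfs):
    """Return the sorted content sets declared under an unpacked image rootfs.

    Assumption: each manifest is a JSON object with a "content_sets" list.
    """
    found = set()
    manifest_dir = Path(rootfs) / MANIFEST_DIR
    if not manifest_dir.is_dir():
        return []
    for manifest in sorted(manifest_dir.glob("*.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: counts as no information
        sets = data.get("content_sets") if isinstance(data, dict) else None
        if isinstance(sets, list):
            found.update(s for s in sets if isinstance(s, str) and s.strip())
    return sorted(found)


def scan_precision(rootfs):
    """Classify the image by whether content set matching is possible."""
    sets = content_sets_in_rootfs(rootfs)
    if sets:
        return "content-sets-present", sets
    # Per the Cause section: with no content sets, every advisory is matched.
    return "no-content-sets", sets


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_content_sets.py /path/to/unpacked/rootfs")
    status, sets = scan_precision(sys.argv[1])
    print(status)
    for name in sets:
        print("  " + name)
    # Non-zero exit lets a CI job flag base images that need updating.
    sys.exit(0 if sets else 1)
```

An image reported as no-content-sets is one where the scanner falls back to matching all advisories, so it is a candidate for the base image update described above.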