Add script to inspect clair reports

[simonbaird]

I figured this could be useful for user support to show details about the CVE detected by clair.

IIUC you can see this kind of information in the clair scan taskrun logs, but this works if you don't have access to the taskrun logs, e.g. if they were garbage collected or if you don't have the right permissions in Konflux.

[simonbaird]

Example usage:

hack/view-clair-reports.sh quay.io/redhat-user-workloads/rhtap-contract-tenant/ec-v05/cli-v05@sha256:56513fe272f69e7ba06e23515e8add401f410febc5ae60b372416fde95255211 --high

---
#
# quay.io/redhat-user-workloads/rhtap-contract-tenant/ec-v05/cli-v05@sha256:4be81d33de0d8af7ef66c245995f2b53c5cd119dd5f2099a8b2d38841e17aee2
# Severity High
#
- name: CVE-2024-3596
  description: A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.
  issued: "2024-07-09T00:00:00Z"
  normalized_severity: High
  package_name: krb5-libs
  fixed_in_version: 0:1.21.1-4.el9_5
- name: CVE-2024-10963
  description: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
  issued: "2024-11-07T00:00:00Z"
  normalized_severity: High
  package_name: pam
  fixed_in_version: 0:1.5.1-22.el9_5
- name: CVE-2024-10963
  description: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
  issued: "2024-11-07T00:00:00Z"
  normalized_severity: High
  package_name: pam
  fixed_in_version: 0:1.5.1-22.el9_5
- name: CVE-2024-3596
  description: A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.
  issued: "2024-07-09T00:00:00Z"
  normalized_severity: High
  package_name: krb5-libs
  fixed_in_version: 0:1.21.1-4.el9_5

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.21%. Comparing base (3c9ee8a) to head (721e854).
Report is 44 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2196      +/-   ##
==========================================
- Coverage   71.22%   71.21%   -0.01%     
==========================================
  Files          89       88       -1     
  Lines        7479     7501      +22     
==========================================
+ Hits         5327     5342      +15     
- Misses       2152     2159       +7     

Flag	Coverage Δ
generative	71.21% <ø> (-0.01%)	⬇️
integration	71.21% <ø> (-0.01%)	⬇️
unit	71.21% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 12 files with indirect coverage changes