Confirmation about report results display in image detail page

[xingzhang-suse]

Hi Fabrizio,
About Results List display when there are multiple results under report
In some image reports, there are multiple results entries with different class values. On the UI, we currently merge all results into a single CVE table for display.
Could you please confirm if this approach is correct?

[xingzhang-suse]

Answers from Flavio from Slack

https://suse.slack.com/archives/C08GX5XJ996/p1759907629206429?thread_ts=1759900625.194909&cid=C08GX5XJ996

Could you please confirm if this approach is correct?

This is correct. It's however important for you to understand why this is happening, and how to handle that.
A report might include results about system packages and also binaries that have not been installed via the package manager.
Everything has to be put into the same table.

However it's important that the user knows that /bin/foo is affected by a CVE because it's using an outdated version of the go compiler. The entry in the table should be about /bin/foo, not the go compiler.
Of course that means that some columns cannot be populated for that binary. There's a high chance we are not able to determine its version (it's a random binary dumped on the filesystem, without any rpm/dpk/apk metadata associated)

[flavio]

@xingzhang-suse: please consider creating 1 discussion per topic.

[xingzhang-suse]

@flavio Sure, I have split the discussion

[fabriziosestito]

@xingzhang-suse if this is resolved, let's mark the answer as accepted, see https://docs.github.com/en/discussions/collaborating-with-your-community-using-discussions/participating-in-a-discussion#marking-a-comment-as-an-answer