What would you like to be added?
I set up a policy to block images that are not compliant with vulnerability standards by verifying vulnerability reports.
Case-1: No vulnerability report is attached to an image
The error message is like "verification failed: Error: referrers not found, Code: REFERRERS_NOT_FOUND, Component Type: executor". For normal users, they do not know what "referrers" means, so it will not help them understand what happened.
Improvement: at least we can add the artifactType information, so that we know which artifact (the referrer) is missing.
Case-2: Verify an image with vulnerabilities of disallowed severities
The message field of the verifier reports is "vulnerability report validation failed", which is very general; the severity violations include the full list of vulnerabilities from the vulnerability report, which could be a long list that floods the logs.
Improvement: The message can be more intuitive, like "Vulnerability report validation failed: Found vulnerabilities with severities in the deny list"; in the extension, it could be a list of "CVE and Severity".
Case-3: Verify an image with vulnerabilities in the denylist
Similar to Case-2, the value in the message field is too general: "message": "vulnerability report validation failed".
Improvement: The message can be more intuitive, like "Vulnerability report validation failed: Found CVEs in the deny list".
Anything else you would like to add?
N/A
Are you willing to submit PRs to contribute to this feature?
Yes, I am willing to implement it.
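As an added illustration (not code from this issue or from the verifier it discusses), a small Python model of the report shape the three cases ask for: the Case-1 message names the missing artifactType, and the Case-2/3 messages state the reason and carry only the violating CVE/severity pairs in the extension instead of the full report. The artifactType value, CVE ids and severities below are constructed placeholders.

```python
from dataclasses import dataclass, field


@dataclass
class Vuln:
    cve: str
    severity: str


@dataclass
class Report:
    """Minimal stand-in for a verifier report: success flag, message, extensions."""
    is_success: bool
    message: str
    extensions: dict = field(default_factory=dict)


def referrers_not_found(artifact_type: str) -> Report:
    # Case-1: say which artifactType is missing instead of a bare REFERRERS_NOT_FOUND.
    return Report(False,
                  f"verification failed: no referrer with artifactType {artifact_type!r} "
                  "is attached to the subject image (code: REFERRERS_NOT_FOUND)")


def validate(vulns, denied_severities, denied_cves) -> Report:
    """Case-2/3: name the reason in the message, list only the violations in extensions."""
    denied_severities = {s.upper() for s in denied_severities}
    sev_hits = [v for v in vulns if v.severity.upper() in denied_severities]
    cve_hits = [v for v in vulns if v.cve in denied_cves]
    if not sev_hits and not cve_hits:
        return Report(True, "vulnerability report validation succeeded")
    reasons, ext = [], {}
    if sev_hits:
        reasons.append("Found vulnerabilities with severities in the deny list")
        # Only the offending entries, not the whole report, so logs stay readable.
        ext["severityViolations"] = [{"cve": v.cve, "severity": v.severity} for v in sev_hits]
    if cve_hits:
        reasons.append("Found CVEs in the deny list")
        ext["cveViolations"] = [v.cve for v in cve_hits]
    return Report(False, "Vulnerability report validation failed: " + "; ".join(reasons), ext)


# Constructed sample report (placeholder CVE ids, not real advisories).
SAMPLE_VULNS = [Vuln("CVE-0000-0001", "CRITICAL"),
                Vuln("CVE-0000-0002", "LOW"),
                Vuln("CVE-0000-0003", "MEDIUM")]

if __name__ == "__main__":
    print(referrers_not_found("application/vnd.example.vulnerability-report").message)
    print(validate(SAMPLE_VULNS, {"critical", "high"}, {"CVE-0000-0002"}))
```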