IBM Cloud Docs
Vulnerability Advisor version 3 is being discontinued on 13 November 2023

Vulnerability Advisor version 3 is being discontinued on 13 November 2023

The version of the Vulnerability Advisor component of IBM Cloud® Container Registry has been updated. Vulnerability Advisor version 4 is now the default. Vulnerability Advisor version 3 is already deprecated and is discontinued from 13 November 2023. If you are still using version 3, you must update to Vulnerability Advisor version 4 by 13 November 2023. If you are already using version 4, no action is required.

What you need to know about this change

If you use the IBM Cloud console to access Vulnerability Advisor, no action is required. The IBM Cloud console is automatically updated to Vulnerability Advisor version 4.

If you use the IBM Cloud CLI, you must update the container-registry CLI plug-in to version 1.0.0, or later, by 13 November 2023. Updating the container-registry CLI plug-in to version 1.0.0, or later, enables the ibmcloud cr va command and the --va option on the ibmcloud cr images and ibmcloud cr digests commands to work with Vulnerability Advisor version 4. On 13 November 2023, any Container Registry CLI commands that access Vulnerability Advisor version 3 cease to work.

If you have explicitly run the ibmcloud cr va-version-set v3 command previously, you must set the version to version 4.

If you use the Vulnerability Advisor REST API to access Vulnerability Advisor, you must update your client call from /va/api/v3 APIs to /va/api/v4 APIs.

You must be using version 1.0.0, or later, of the SDK.

Any exemptions that you previously defined for version 3 continue to work. However, the security notice value that comes back in Vulnerability Advisor version 4 might not be the same as for Vulnerability Advisor version 3 because different sources of data are used. Therefore, if the returned value isn't the same as for Vulnerability Advisor version 3, you might have to update any existing exemptions that specify a security notice. Exemptions that are defined by CVE value are unaffected.

Differences in Vulnerability Advisor version 4 behavior are documented in About Vulnerability Advisor.

What actions you must take by 13 November 2023

To update to Vulnerability Advisor version 4, complete the following steps:

  1. Ensure that you are using version 1.0.0, or later, of the container-registry CLI plug-in. To update the plug-in, see Updating the container-registry CLI plug-in.

  2. If required, set the Vulnerability Advisor version to version 4 by running the following command:

    ibmcloud cr va-version-set v4

  3. If required, update any existing exemptions that specify a security notice.

  4. Update any code to reference the version 4 APIs.

  5. Ensure that you are using version 1.0.0, or later, of the SDK, see container-registry-go-sdk.