As of at least v1.5.31, Claircore does not fetch Oracle Linux vulnerabilities from the current year. See https://github.com/quay/claircore/blob/v1.5.31/oracle/updaterset.go#L13 Fxing this brings an opportunity to improve the Oracle Linux support: * https://linux.oracle.com/security/oval/ provides version-specific OVAL files. Perhaps Claircore can switch to those * If switching to those, there will no longer be a need for hardcoding releases in https://github.com/quay/claircore/blob/v1.5.31/oracle/releases.go. Instead, Oracle Linux vuln updater can essentially mimic something like Alpine: https://github.com/quay/claircore/blob/v1.5.31/alpine/updater.go (have an UpdaterSet Factory and search for versions from 6 - whatever)
As of at least v1.5.31, Claircore does not fetch Oracle Linux vulnerabilities from the current year. See https://github.com/quay/claircore/blob/v1.5.31/oracle/updaterset.go#L13
Fxing this brings an opportunity to improve the Oracle Linux support: