Known limitations (v1.0.2)

Refer to the following known issues and limitations related to the Concert v1.0.2 release.

Known issues: IBM Cloud Kubernetes Service (IKS) refresh token validation fails

Given the short expiry time for the IKS refresh token, it is recommended that you create a new refresh token before setting up an ingestion job from IKS and before running each subsequent ingestion job.

Known limitations: Concert does not support user groups from an IdP (VM only).

If you have a VM deployment of Concert software the user groups defined in an integrated IdP are not recognized or supported by Concert. You can specify only individual users and user-level access to your Concert instance.

Known issues: User IDs appear instead of usernames for users imported from an IdP (VM only).

If you have a VM deployment of Concert software, imported usernames appear as user IDs (strings).

Known issues: Ticket status does not update until the page refreshes.

After creating a ticket to address a vulnerability, compliance, package, or certificate issue, you must refresh the respective page to update the status displayed.

Known issues: When creating an API key from an OCP deployment of Concert, you must modify the URL path of the Concert host.

When creating an API key from a Concert instance deployed on an OCP cluster, the generated example API key usage must be modified to include /ibm/concert in order to be used. For example, the original API key usage example includes the following URL:

https://{concerthost}:{port}.com/core/api/...

This must be modified to include /ibm/concert at the beginning of the URL path.

https://{concerthost}:{port}.com/ibm/concert/core/api/...

Known issues: Package licenses imported via SBOM do not appear in the License preferences settings.

You can managed your allowed and denied package licenses from Administration > Settings; however, if you upload an SBOM file containing a different license, it does not appear in the default list.