What steps did you take and what happened:
We've been trying to understand why the `report.artifact.digest` value doesn't match the actual image digest.
After digging a bit through the code, we realized that the value of `report.artifact.digest` is actually the image_id.
Here's an example:

```yaml
report:
  artifact:
    digest: sha256:dde063663e676fb551255dcc41f7b67fbb913becaccadde12da2c3a0abc236eb
    repository: <image repo>
    tag: v0.47.3
  os:
    family: alpine
    name: 3.18.4
  registry:
    server: <registry>
```

Per above, the digest is `sha256:dde063663e676fb551255dcc41f7b67fbb913becaccadde12da2c3a0abc236eb`.
However, when we scan the same image with the `trivy` cli, we get the following:

```
trivy i --format json <registry>/<image repo>:v0.47.3
```

```json
{
  "SchemaVersion": 2,
  "CreatedAt": "2024-09-09T21:20:23.838423-04:00",
  "ArtifactName": "<registry>/<image repo>:v0.47.3",
  "ArtifactType": "container_image",
  "Metadata": {
    "OS": {
      "Family": "alpine",
      "Name": "3.18.4"
    },
    "ImageID": "sha256:dde063663e676fb551255dcc41f7b67fbb913becaccadde12da2c3a0abc236eb",
    "DiffIDs": [
      "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438",
      "sha256:8d7be0d3cbdd44bc6fa563f60e8bc1a373d5e60f035d8c089918a2bcc92fee25",
      "sha256:94e5b30b4e4869f384d25800811d245e2a09d04eeb6295a0eadd34ef3bf62677",
      "sha256:f9733b6837c92fb7242b3513ccc51ed17051488e31115c5dd57ac1ee229f64e9",
      "sha256:1b1eb4aa471edd83d2c07371ae5c7a43435e8f445d749f055f48cb915ed52c21",
      "sha256:1624be5bf90422992672ea3698f7f48b1835627808d52126c46d4539e14eeb7e",
      "sha256:654cfc253da32ff012d018bb56208d1c5de1657e1f39e8f3a8c78bd016c14834",
      "sha256:bd978dcc58af2e02683ddcadad5142fea925718a2154791a45f41e5944fc8c91"
    ],
    "RepoTags": [
      "<registry>/<image repo>:v0.47.3"
    ],
    "RepoDigests": [
      "<registry>/<image repo>@sha256:cf3e3b3a98edde46eac58d4745a2467b9da2bc49a11191565a893ffac38034a3"
    ],
```
As you can see, the `report.artifact.digest` value is `Metadata.ImageID` in the Trivy report:

```json
"ImageID": "sha256:dde063663e676fb551255dcc41f7b67fbb913becaccadde12da2c3a0abc236eb",
```

The actual Digest is in the `Metadata.RepoDigests` field:

```json
"RepoDigests": [
  "<registry>/<image repo>@sha256:cf3e3b3a98edde46eac58d4745a2467b9da2bc49a11191565a893ffac38034a3"
],
```
What did you expect to happen:
We expect that `report.artifact.digest` would show the actual image digest value, instead of image_id.
Perhaps it's worth including both?
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
Environment:
trivy-operator version: v0.22.0
kubectl version: 1.28.13
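Added example, not part of the original issue or of trivy-operator's code: a small check that takes a Trivy JSON report and tells you which metadata field a reported digest actually matches, so a `report.artifact.digest` value can be audited before it is used to pin or look up an image. The function names are hypothetical, and the sample is a trimmed copy of the output quoted in the issue.

```python
import json

# Constructed sample: a trimmed copy of the Trivy CLI JSON quoted in the issue
# (the <registry>/<image repo> placeholders are kept as they appear there).
TRIVY_JSON = """
{
  "ArtifactName": "<registry>/<image repo>:v0.47.3",
  "Metadata": {
    "ImageID": "sha256:dde063663e676fb551255dcc41f7b67fbb913becaccadde12da2c3a0abc236eb",
    "DiffIDs": ["sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"],
    "RepoDigests": ["<registry>/<image repo>@sha256:cf3e3b3a98edde46eac58d4745a2467b9da2bc49a11191565a893ffac38034a3"]
  }
}
"""
REPORT = json.loads(TRIVY_JSON)
# The value trivy-operator put in report.artifact.digest, per the issue.
OPERATOR_DIGEST = "sha256:dde063663e676fb551255dcc41f7b67fbb913becaccadde12da2c3a0abc236eb"

def repo_digests(report):
    """Map repository -> digest for every entry in Metadata.RepoDigests."""
    found = {}
    for ref in report.get("Metadata", {}).get("RepoDigests") or []:
        repo, sep, digest = ref.rpartition("@")
        if sep and digest.startswith("sha256:"):
            found[repo] = digest
    return found

def classify(value, report):
    """Name the Trivy metadata field that a reported digest really matches."""
    meta = report.get("Metadata", {})
    if value in repo_digests(report).values():
        return "repo-digest"
    if value == meta.get("ImageID"):
        return "image-id"
    if value in (meta.get("DiffIDs") or []):
        return "layer-diff-id"
    return "unknown"

def pinned_reference(report, repository):
    """Return repository@digest for pulling by digest, or None when
    RepoDigests is empty or missing (assumed possible for some images)."""
    digest = repo_digests(report).get(repository)
    return f"{repository}@{digest}" if digest else None

if __name__ == "__main__":
    print(classify(OPERATOR_DIGEST, REPORT))
    print(pinned_reference(REPORT, "<registry>/<image repo>"))
```
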