Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add base image layer detection to compliance scanning #3834

Closed
Mo0rBy opened this issue Mar 14, 2023 · 1 comment · Fixed by #4344
Closed

Add base image layer detection to compliance scanning #3834

Mo0rBy opened this issue Mar 14, 2023 · 1 comment · Fixed by #4344
Assignees
@DmitriyLewen
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning target/container-image Issues relating to container image scanning
Milestone
v0.42.0

Comments

@Mo0rBy
Copy link

Mo0rBy commented Mar 14, 2023

I raised issue #3814 due to false positives on docker-cis compliance scanning. The false positives were from a HEALTHCHECK layer and a bunch of ADD layers in the base image. The HEALTHCHECK false positive has been dealt with in said issue, but @knqyf263 has asked that I raise a new feature request to add theguessBaseLayers functionality to the docker-cis compliance scanning, to remove all the false positives of ADD layers in the base image.

trivy/pkg/fanal/artifact/image/image.go

Line 496 in 3987a67

func (a Artifact) guessBaseLayers(diffIDs []string, configFile *v1.ConfigFile) []string {

@Mo0rBy Mo0rBy added the kind/feature Categorizes issue or PR as related to a new feature. label Mar 14, 2023
@itaysk itaysk added scan/misconfiguration Issues relating to misconfiguration scanning target/container-image Issues relating to container image scanning labels Mar 14, 2023
@lior-orca
Copy link

Similar issue - #3792

@knqyf263 knqyf263 added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label May 8, 2023
This was referenced May 8, 2023
Closed
Closed
@knqyf263 knqyf263 added this to the v0.42.0 milestone May 11, 2023
@DmitriyLewen DmitriyLewen mentioned this issue May 12, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DmitriyLewen DmitriyLewen

Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning target/container-image Issues relating to container image scanning
Projects
None yet
Milestone
v0.42.0
Development

Successfully merging a pull request may close this issue.

feat(image): add logic to guess base layer for docker-cis scan DmitriyLewen/trivy
5 participants
@itaysk @knqyf263 @lior-orca @Mo0rBy @DmitriyLewen