Replies: 1 comment
-
Hello @pmolon FYI looks like it is bug in this image, because ➜ docker run -it --rm registry.access.redhat.com/ubi9-minimal@sha256:73f7dcacb460dad137a58f24668470a5a2e47378838a0190eef0ab532c6e8998 ls -hl /root/buildinfo/content_manifests/
-rw-rw-r-- 1 root root 368 Jul 18 15:53 ubi9-minimal-container-9.4-1194.json
➜ docker run -it --rm registry.access.redhat.com/ubi9-minimal@sha256:73f7dcacb460dad137a58f24668470a5a2e47378838a0190eef0ab532c6e8998 cat /root/buildinfo/content_manifests/ubi9-minimal-container-9.4-1194.json
{
"metadata": {
"icm_version": 1,
"icm_spec": "https://raw.githubusercontent.com/containerbuildsystem/atomic-reactor/master/atomic_reactor/schemas/content_manifest.json",
"image_layer_index": 0
},
"content_sets": [
"rhel-9-for-x86_64-baseos-rpms",
"rhel-9-for-x86_64-appstream-rpms"
],
"image_contents": []
} |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Description
We are using trivy in our CI pipeline to scan images. Redhat now just recently updated all their base images to RHEL 9.5, e.g. https://catalog.redhat.com/software/containers/ubi9-minimal/61832888c0d15aff4912fe0d?image=67334c07aa3afe8d468be888&container-tabs=overview
Trivy now fails with the error
We are using most recent trivy version
Desired Behavior
Trivy should correctly detect RHEL 9.5 packages
Actual Behavior
Trivy encounters FATAL error
Reproduction Steps
1. Run trivy command trivy image registry.access.redhat.com/ubi9-minimal@sha256:ba0d97dd43fea58f9bdcc4488c60a3869827e1e30a51c11bbfae3fb7dc91e6f5 2. The scan will fail with above mentioned error
Target
Container Image
Scanner
Vulnerability
Output Format
None
Mode
Standalone
Debug Output
Operating System
Ubuntu
Version
Checklist
trivy clean --all
Beta Was this translation helpful? Give feedback.
All reactions