Layer Scanning is not working with images which are pushed with --compression-format zstd:chunked



  • Hello,

    We always use podman push with --compression-format=zstd:chunked in our CI/CD.

    But when it comes to layer scanning on ProGet, neither the packages nor the vulnerabilities are suddenly listed for the pushed images.

    Otherwise, images pushed with the default settings of podman push are scanned correctly.

    Thank you very much and best regards


  • inedo-engineer

    Hi @geraldizo_0690 ,

    Are you seeing any errors/messages logged like "Blob xxxxxxx is not a .tar.gz file; nothing to scan."? If you go to Admin > Executions, you may see some historic logs about Container scanning.

    Thanks,
    Alana



  • Hi,

    Thanks for the quick response.

    Yes, we do see those logs. And we are not using gzip as the compression-format. So this is naturally the effect when we are using zstd, right?

    For the moment, is the solution to avoid using other compression formats, because the ProGet layer scanner does not support zstd?



  • Update:

    And we found some images like busybox:1.37 which are directly pulled from upstream Docker Hub. This is the same case. The ProGet layer scanner is not able to find any packages in there.


  • inedo-engineer

    Hi @geraldizo_0690 ,

    Nice find with the busybox image... that makes it a lot easier to test/debug on our end!!

    We already have a ZST library in ProGet so, in theory, it shouldn't be that difficult to use that for layers like this. We'll add that via PG-3218 in an upcoming maintenance release -- currently targeting February 20.

    Thanks,
    Alana
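
Until the fix ships, a way to find which images a gzip-only layer scanner would pass over, as an added example that is not part of the thread and not ProGet's own code. It assumes the image manifest has already been fetched as JSON and that the scanner skips every layer that is not gzip, as the "not a .tar.gz file" log message suggests; the function names and the sample manifest are constructed for illustration.

```python
import json

# Layer media types from the OCI image spec and Docker image manifest v2.
MEDIA_TYPES = {
    "application/vnd.oci.image.layer.v1.tar": "none",
    "application/vnd.oci.image.layer.v1.tar+gzip": "gzip",
    "application/vnd.oci.image.layer.v1.tar+zstd": "zstd",
    "application/vnd.docker.image.rootfs.diff.tar.gzip": "gzip",
}

def sniff(head: bytes) -> str:
    """Identify the compression of a layer blob from its leading bytes."""
    if head[:2] == b"\x1f\x8b":
        return "gzip"
    if head[:4] == b"\x28\xb5\x2f\xfd":
        return "zstd"
    # zstd skippable frame: magic 0x184D2A50..0x184D2A5F, stored little-endian.
    if len(head) >= 4 and head[0] & 0xF0 == 0x50 and head[1:4] == b"\x2a\x4d\x18":
        return "zstd"
    # An uncompressed tar archive carries "ustar" at offset 257 of its header.
    if head[257:262] == b"ustar":
        return "none"
    return "unknown"

def non_gzip_layers(manifest: dict) -> list:
    """Return (digest, compression) for layers a gzip-only scanner would skip."""
    skipped = []
    for layer in manifest.get("layers", []):
        compression = MEDIA_TYPES.get(layer.get("mediaType"), "unknown")
        if compression != "gzip":
            skipped.append((layer["digest"], compression))
    return skipped

# Constructed sample manifest; the digests are placeholders, not real blobs.
SAMPLE_MANIFEST = json.loads("""
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "layers": [
    {"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
     "digest": "sha256:<placeholder-gzip-layer>", "size": 1024},
    {"mediaType": "application/vnd.oci.image.layer.v1.tar+zstd",
     "digest": "sha256:<placeholder-zstd-layer>", "size": 2048}
  ]
}
""")

if __name__ == "__main__":
    for digest, compression in non_gzip_layers(SAMPLE_MANIFEST):
        print(f"{digest}: {compression} layer, no packages or vulnerabilities will be listed")
```

An image flagged here shows no vulnerabilities because it was never scanned, not because it is clean, so gating on "zero findings" should treat such layers as unscanned.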

