Comments (6)
Yeah it's using layer[0]
digest at the moment, I'll PR this shortly.
from reg.
from reg.
I think this might still affect the VulnerabilitiesV3
method in this case as reg is using the digest of layer[0]
as the name, it looks like I'm getting some false positives and I'm not positive just yet but I think it's images that have the same digest for layer[0]
picking up ancestry from previous images scans, or something.
I'll have a play changing the report name to something else and see if I still see the same issues, I'll PR it if that's what it is.
(edit): confirmed this is the case, apparently I have over 1000 images with the same layer[0].Digest
.
Is there any preferred way to store the name? I was just gonna prepend the repo/tag or something.
from reg.
The name is intended to be the SHA of the manifest and not of any individual layer. If reg isn't using that, it's a bug.
from reg.
@jzelinskie what's the recommendation for schema V1 manifests? Those don't seem to have a digest of the whole image like schema 2 does.
from reg.
That's far more tricky and depends on the use case.
Internally, Quay used a unique identifier composed of the image ID and the unique id used for locating storage from the Quay database.
If you know that you'll never retag the image, you could use the fully qualified name and tag (e.g. quay.io/jzelinskie/chihaya-git:28df9sd
. Using the tag is definitely prone to error so you are probably best crafting something totally unique like a UUID and storing a mapping to the image. v1 image ids are supposed to be globally unique, so you could try using layer[0].
Ideally, you should avoid v1 docker images if you aren't using Quay, which is the only registry I know that generates everything backwards compatibly to Docker 0.8.
edit: I'm totally confusing v1 and v2 schema1 and v2 schema2
from reg.
Related Issues (20)
- Please tag a new release HOT 2
- Tests don't pass after cloning and running make test HOT 3
- Support to pass Client CERT/Key and CA CERT HOT 2
- Manifest Lists incorrectly queried from Docker Hub HOT 1
- Can't run clean install using go modules HOT 2
- registry type HOT 2
- Reg leaving lot of openfiles on the registry HOT 1
- behavior of ping is against Docker v2 API Spec HOT 2
- reg server update interval HOT 1
- `reg rm` deletes more than just the specified tag HOT 5
- Add pagination support for tag listing
- clair.layer400 Bad Request: "vulnerability scanning for <image> failed: clair error: could not find layer" HOT 2
- vulns return invalid character '<' HOT 1
- Docs don't explain how to manage insecure private registry HOT 3
- Why this project has no documents about how to use its API (import) ?
- Add option to map digest to tag
- RSS or Atom feed for repository tags
- go install gives error
- reg dont use /etc/hosts
- `reg rm` irritatingly states "docker.io" for image deleted from GitLab registry HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from reg.