KunalSin9h
Member

fixes #491 #492

github-actions bot commented May 28, 2025

vet Summary Report

This report is generated by vet

Policy Checks

  • ✅ Vulnerability
  • ✅ Malware
  • ✅ License
  • ✅ Popularity
  • ❌ Maintenance
  • ✅ Security Posture
  • ✅ Threats

Malicious Package Analysis

Malicious package analysis was performed using SafeDep Cloud API

Malicious Package Analysis Report

| Ecosystem | Package | Version | Status | Report |
|---|---|---|---|---|
| ECOSYSTEM_GO | go.opentelemetry.io/otel/trace | 1.36.0 | | 🔗 |
| ECOSYSTEM_GO | github.com/moby/docker-image-spec | 1.3.1 | | 🔗 |
| ECOSYSTEM_GO | go.opentelemetry.io/otel/metric | 1.36.0 | | 🔗 |
| ECOSYSTEM_GO | github.com/moby/sys/sequential | 0.6.0 | | 🔗 |
| ECOSYSTEM_GO | github.com/docker/go-units | 0.5.0 | | 🔗 |
| ECOSYSTEM_GO | github.com/docker/docker | 28.1.1+incompatible | | 🔗 |
| ECOSYSTEM_GO | go.opentelemetry.io/otel | 1.36.0 | | 🔗 |
| ECOSYSTEM_GO | github.com/moby/sys/atomicwriter | 0.1.0 | | 🔗 |
| ECOSYSTEM_GO | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | 0.61.0 | | 🔗 |
| ECOSYSTEM_GO | golang.org/x/sys | 0.33.0 | | 🔗 |

  • ℹ️ 10 packages have been actively analyzed for malicious behaviour.
  • ✅ No malicious packages found.
Changed Packages

  • ✅ [Go] go.opentelemetry.io/otel@1.36.0
  • ✅ [Go] github.com/moby/sys/atomicwriter@0.1.0
  • ✅ [Go] golang.org/x/sys@0.33.0
  • ⚠️ [Go] github.com/docker/go-units@0.5.0
  • ⚠️ [Go] github.com/moby/docker-image-spec@1.3.1
  • ✅ [Go] go.opentelemetry.io/otel/metric@1.36.0
  • ✅ [Go] go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@0.61.0
  • ✅ [Go] github.com/moby/sys/sequential@0.6.0
  • ✅ [Go] github.com/docker/docker@28.1.1+incompatible
  • ✅ [Go] go.opentelemetry.io/otel/trace@1.36.0
Policy Violations

Packages Violating Policy

[Go] github.com/docker/go-units@0.5.0 🔗

  • ➡️ Found in manifest go.mod
  • ⚠️ Component appears to be unmaintained

[Go] github.com/moby/docker-image-spec@1.3.1 🔗

  • ➡️ Found in manifest go.mod
  • ⚠️ Component appears to be unmaintained

codecov bot commented May 28, 2025

Codecov Report

Attention: Patch coverage is 11.51079% with 123 lines in your changes missing coverage. Please review.

Project coverage is 16.40%. Comparing base (a2c003f) to head (2d988f1).
Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| pkg/readers/container_image_resolve_workflow.go | 0.00% | 78 Missing ⚠️ |
| pkg/readers/container_image_reader.go | 29.62% | 37 Missing and 1 partial ⚠️ |
| scan.go | 0.00% | 7 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #497      +/-   ##
==========================================
- Coverage   16.46%   16.40%   -0.07%     
==========================================
  Files         161      162       +1     
  Lines       16187    16290     +103     
==========================================
+ Hits         2665     2672       +7     
- Misses      13318    13413      +95     
- Partials      204      205       +1     


@KunalSin9h KunalSin9h requested a review from abhisek May 28, 2025 09:32
@KunalSin9h KunalSin9h requested a review from abhisek May 28, 2025 11:18
@KunalSin9h KunalSin9h changed the title from "Feat/local image" to "Support for local docker and tar images in container scanning." May 28, 2025
@KunalSin9h KunalSin9h requested a review from abhisek May 28, 2025 15:43
KunalSin9h and others added 2 commits May 29, 2025 00:21
* chore: Misc cleanup

* fix: Bug with docker image resolver

* fix: Error msg

* chore: Improve debug logging for docker enumeration

* chore: Improve debug logging for docker enumeration
@KunalSin9h
Member Author

@abhisek tests passed

@abhisek abhisek merged commit 49cc6ca into main May 29, 2025
8 of 11 checks passed
@abhisek abhisek deleted the feat/local-image branch May 29, 2025 17:06
Successfully merging this pull request may close these issues.

Allow local tar file scanning