cluster-image-scanner
Speed Optimization
An organization might use the same images with different names, e.g.:
- registry.com/team1/mongo:3.1
- registry.com/team2/mongo:3.1
- registry.com/team1/mongo@sha256:123
- registry.com/team2/mongo@sha256:123
The current algorithm doesn't take it into account. Evaluation of speed optimization should be performed. This issue is mainly related to storage.
One possible approach would be to only identify images by their manifest hash and use that as the storage identifier. This would at least de-duplicate images with different tags but the same content.
For images with mismatching manifest hashes, I see no easy way. If we de-duplicate them by image name and tag, we might miss security issues present in one of the images and therefore not actually scan the images in production.
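The de-duplication discussed in this thread, as an added sketch that is not part of the original issue or the cluster-image-scanner code base: references are grouped by manifest digest, and anything without a well-formed digest is scanned on its own rather than merged by name and tag. The function names, the extra `team3`/`team4` references and all digests are constructed for illustration, and the digest for tag-only references is assumed to have been resolved from the registry beforehand.

```python
import re
from collections import defaultdict

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

# Constructed sample: (reference seen in the cluster, digest resolved from the
# registry or None). Digests are made up for this example.
OBSERVED = [
    ("registry.com/team1/mongo:3.1", "sha256:" + "a" * 64),
    ("registry.com/team2/mongo:3.1", "sha256:" + "a" * 64),
    ("registry.com/team1/mongo@sha256:" + "a" * 64, None),
    ("registry.com/team3/mongo:3.1", "sha256:" + "b" * 64),  # same tag, other content
    ("registry.com/team4/mongo:3.1", None),                   # digest not resolvable
]


def manifest_digest(reference, resolved):
    """Prefer the digest pinned in the reference, else the resolved one."""
    digest = reference.split("@", 1)[1] if "@" in reference else resolved
    # Only a well-formed digest may serve as a storage identifier.
    if digest and DIGEST_RE.fullmatch(digest):
        return digest
    return None


def plan_scans(observed):
    """Return ({digest: [references]}, [references to scan individually])."""
    by_digest = defaultdict(list)
    unresolved = []
    for reference, resolved in observed:
        digest = manifest_digest(reference, resolved)
        if digest is None:
            # Never fall back to name:tag as the key: equal tags can point at
            # different content, and one of them would go unscanned.
            unresolved.append(reference)
        else:
            by_digest[digest].append(reference)
    return dict(by_digest), unresolved


def scan_count(observed):
    by_digest, unresolved = plan_scans(observed)
    return len(by_digest) + len(unresolved)


if __name__ == "__main__":
    by_digest, unresolved = plan_scans(OBSERVED)
    for digest, refs in by_digest.items():
        print(digest[:19], "->", refs)
    print("scanned individually:", unresolved)
    print("scans needed:", scan_count(OBSERVED), "of", len(OBSERVED))
```

Each digest group is scanned once and the result is attached to every reference in the group, so findings can still be reported per team or namespace.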