trivy icon indicating copy to clipboard operation
trivy copied to clipboard
Published 4 months ago verified publisher icon aquasecurity

fix(image): handle images with single layer in rescan mergedLayers cache

Open Moniseeta opened this issue 3 years ago • 0 comments

Description

For images with single layer, the layer key was directly being used as merged cache key. This was posing an issue of data override and any other image having the same layer could get incorrect data. So, fixed:

  1. Even for 1 layer - merged layer key hash will be calculated
  2. We will not go with assumption that merged data will have only 1 pkgInfo
  3. We are setting a SchemaVersion in blob being generated in ToBlobInfo

Checklist

  • [ ] I've read the guidelines for contributing to this repository.
  • [ ] I've followed the conventions in the PR title.
  • [ ] I've added tests that prove my fix is effective or that my feature works.
  • [ ] I've updated the documentation with the relevant information (if needed).
  • [ ] I've added usage information (if the PR introduces new options)
  • [ ] I've included a "before" and "after" example to the description (if the PR is a user interface change).

Moniseeta avatar Sep 21 '22 11:09 Moniseeta