scout-action icon indicating copy to clipboard operation
scout-action copied to clipboard

Published 20 hours ago verified publisher icon docker

1.13.0 broke our workflow, downstream auth error

Open jessfraz opened this issue 6 months ago • 2 comments

1.12.0 does not have this issue

our workflow goes:

  1. login to ghcr.io
  2. login to docker hub where we have scout access
  3. build image
  4. push image to ghcr.io
  5. scan image

this is the error we see on 1.13.0 we are not seeing on 1.12.0

cves
      ...Storing image for indexing
      ✓ Image stored for indexing
      ...Indexing
      ✓ Indexed 412 packages
      ✓ Provenance obtained from attestation
  Error: could not list CVEs for the image: API operation failed: Message: Not allowed, Locations: [], Extensions: map[arguments:map[context:$context query:map[imageCoords:map[digest:$digest hostname:$hostname repository:$repository] includeExcepted:$includeExcepted packageUrls:$purls]] code:DOWNSTREAM_SERVICE_ERROR status:FORBIDDEN], Path: [vulnerabilitiesByPackageForImageCoords]
Screenshot 2024-08-06 at 11 57 44 PM

jessfraz avatar Aug 07 '24 03:08 jessfraz