
Use latest version of syft for image inspection

Open mthalman opened this issue 1 year ago • 3 comments

There was an issue that required the tests to pin to an older version of syft. A solution to that was discovered that will allow us to now go back to using the latest version. See https://github.com/anchore/syft/issues/1708#issuecomment-1499589501.

We need to specify --platform <platform> as an argument to the syft tool to get this to work properly. Example:

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock anchore/syft packages docker:mcr.microsoft.com/dotnet/runtime-deps:8.0-preview-jammy-chiseled-arm32v7 -o json --platform linux/arm

mthalman, Apr 06 '23 20:04

[Triage] It would be better if we could be pinned to a specific version to avoid unintended breakage. Ideally we would have a process in place for updating to newer versions of syft as they are released. This could be done either manually or through automation (using the update-dependencies tool to query for latest version could be an option).

mthalman, Apr 12 '23 18:04
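
An added example, not part of the thread or the dotnet-docker repository: a shell helper that combines the two points above by refusing an unpinned syft image reference and deriving the `--platform` value from the architecture suffix of the target tag. The `v0.80.0` image tag, the `arm64v8` and `amd64` mappings and all function names are assumptions; only `arm32v7` to `linux/arm` appears in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Prints the syft command line
# instead of running it, so it can be reviewed or logged before execution.

# Assumption: pinned tag; v0.80.0 is the release mentioned in this thread.
SYFT_IMAGE="${SYFT_IMAGE:-anchore/syft:v0.80.0}"

# Succeeds only for a digest reference or an explicit tag other than "latest".
is_pinned() {
    ref="${1##*/}"                  # drop registry/namespace (may contain ':port')
    case "$ref" in
        *@sha256:*) return 0 ;;     # digest reference
        *:latest)   return 1 ;;     # floating tag
        *:*)        return 0 ;;     # explicit version tag
        *)          return 1 ;;     # no tag resolves to latest
    esac
}

# Map the architecture suffix of an image tag to a Docker platform string.
# arm32v7 -> linux/arm is from the thread; the other two are assumptions.
platform_for_image() {
    case "$1" in
        *-arm32v7) echo "linux/arm" ;;
        *-arm64v8) echo "linux/arm64" ;;
        *-amd64)   echo "linux/amd64" ;;
        *)         return 1 ;;      # multi-arch or unknown tag: do not guess
    esac
}

# Build the full command for one target image, or fail with a reason.
syft_command() {
    image="$1"
    is_pinned "$SYFT_IMAGE" || {
        echo "syft image is not pinned: $SYFT_IMAGE" >&2
        return 1
    }
    platform="$(platform_for_image "$image")" || {
        echo "cannot infer platform for $image" >&2
        return 1
    }
    printf '%s\n' "docker run --rm -v /var/run/docker.sock:/var/run/docker.sock $SYFT_IMAGE packages docker:$image -o json --platform $platform"
}

# Stand-alone use: pass the target image as the first argument.
if [ "$#" -gt 0 ]; then syft_command "$1"; fi
```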

I have noticed that syft updates very frequently. Around 3, sometimes 4 times per month. They are currently on version 80: https://github.com/anchore/syft/releases/tag/v0.80.0

lbussell, May 05 '23 23:05

This should include a way to automatically update the Syft image in the cache ACR as well.

lbussell, Jul 25 '24 15:07

Fixed with https://github.com/dotnet/dotnet-docker/pull/5769

NikolaMilosavljevic, Aug 14 '24 15:08