kube-trivy-exporter

Scanning images from quay.io

Open • blacs30 opened this issue 5 years ago • 1 comment

Quay images like quay.io/coreos/prometheus-operator are not scannable directly with trivy because quay doesn't support the v2.2 manifest schema; see also this GitHub issue in the trivy repo. A workaround is to pull the image manually and then run trivy - this doesn't seem to make sense in a pod which shouldn't run the docker daemon.

Another option I see is to download the image as a file without docker/crictl involved and then run trivy scan against that file.

Are there other possibilities or is there already a workaround to scan quay images?

blacs30 • May 14 '20 20:05
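The file-based approach described in the post above, as an added example that is not part of the original issue or of kube-trivy-exporter's own code. It assumes skopeo (a tool not mentioned in the issue) can fetch the image without a daemon, and uses trivy's `--input` flag to scan the resulting archive; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: scan a registry image without a container daemon.
# Assumptions (not from the issue): skopeo is installed and does the download;
# trivy scans the tar archive via --input.
# Set DRY_RUN=1 to print the commands instead of running them.

# Reject references that could be parsed as options or that contain
# characters outside the usual registry/repo:tag@digest alphabet.
valid_ref() {
    case "$1" in
        ""|-*) return 1 ;;
        *[!A-Za-z0-9._/:@-]*) return 1 ;;
    esac
    return 0
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# scan_image <image-ref> [workdir]
# Returns trivy's exit code: 1 when HIGH/CRITICAL findings exist.
scan_image() {
    ref=$1
    valid_ref "$ref" || { echo "invalid image reference: $ref" >&2; return 2; }
    if [ -n "${2:-}" ]; then
        workdir=$2; tmp=""
    else
        workdir=$(mktemp -d) || return 1; tmp=$workdir
    fi
    archive="$workdir/image.tar"
    rc=0
    # Daemonless pull straight into a docker-archive tarball.
    if run skopeo copy "docker://$ref" "docker-archive:$archive"; then
        run trivy image --input "$archive" \
            --severity HIGH,CRITICAL --exit-code 1 || rc=$?
    else
        rc=3   # download failed, nothing was scanned
    fi
    [ -z "$tmp" ] || rm -rf "$tmp"   # remove only a directory we created
    return "$rc"
}

# Usage: ./scan.sh quay.io/coreos/prometheus-operator
if [ "$#" -gt 0 ]; then scan_image "$@"; fi
```

Because the archive is a plain file, the pod needs only outbound registry access and scratch space (for example an `emptyDir` volume), not a Docker socket.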

Is there a possible solution?

sbkg0002 • Oct 23 '20 18:10