Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4728

CSO doesn't create vulnerability objects for some images pulled from Quay

XMLWordPrintable

    • False
    • None
    • False
    • Quay Enterprise

      When a pod is created from an image in Quay, CSO doesn't create the image vulnerability object. The only thing we see in the logs is as follows:

      level=debug msg="Pod updated" key=hki-kanslia-aok-tilavarauspalvelu-dev/tilavarauspalvelu-admin-ui-317-vdjww
      level=debug msg="Pod updated" key=hki-kanslia-aok-tilavarauspalvelu-test/tilavarauspalvelu-admin-ui-73-9tt57
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-aok-tilavarauspalvelu-dev/tilavarauspalvelu-admin-ui-317-vdjww
      level=error msg="Error parsing imageID" imageID=QUAY:443/hki-kanslia-aok-tilavarauspalvelu-dev/tilavarauspalvelu-admin-ui@sha256:2094d8aa77be56d2714ae6050de2ea615d87fd47c365c2ee8c5aa2c488c17397
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-aok-tilavarauspalvelu-test/tilavarauspalvelu-admin-ui-73-9tt57
      level=error msg="Error parsing imageID" imageID=QUAY:443/hki-kanslia-aok-tilavarauspalvelu-test/tilavarauspalvelu-admin-ui@sha256:c549c6151dd8f4098fd02198913c0f6c55b240b156475588257f19d57e7b1fba
      

      Quay logs do not show that CSO ever tried to contact Quay to download these vulnerabilities. Restarting CSO from scratch didn't change anything in the logs, it either shows the garbage collection issue or it just shows that pod info is updated but nothing else, as in the following case for another image:

      $ cat csologs20221108.log | grep "hauki-4-mk69q"
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=debug msg="Pod updated" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=hki-kanslia-unittest1-test/hauki-4-mk69q
      

      Can you please check the issue and advise?

              jonathankingfc Jonathan King
              rhn-support-ibazulic Ivan Bazulic
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: