-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
Quay Enterprise
-
Red5 [Quay 185]
If an image is retagged multiple time and running inside ocp , CSO tries to check the registry for CVE and it ends up referring wrong registry for pulling CVE information
snippet of docker inspect:
{
"Id": "sha256:cb27f13ea47a53cd6284c0c14a40ebe039ad9bfdd3681737d656de8ba5039814",
"RepoTags": [
"example-quayecosystem-quay-quay-enterprise.apps.ocp4.3.pdhange.rhcee.support/quay/ose-pod:latest",
"quay.io/testquay1/ose-pod:v3.11.51",
"quayecosystem-quay-quay-enterprise.apps.ocp4.3.pdhange.rhcee.support/quay/ose-pod:latest"
],
"RepoDigests": [
"example-quayecosystem-quay-quay-enterprise.apps.ocp4.3.pdhange.rhcee.support/quay/ose-pod@sha256:6cc2824dd5a3189d993b4f61ed6019a5bb1fcfb62cef74fed862550c5410ba4a",
"quay.io/testquay1/ose-pod@sha256:af62f107b1a398f69716aaf1bd2757d1380a4deb6fd9beee197468325e729934",
"quayecosystem-quay-quay-enterprise.apps.ocp4.3.pdhange.rhcee.support/quay/ose-pod@sha256:6cc2824dd5a3189d993b4f61ed6019a5bb1fcfb62cef74fed862550c5410ba4a"
],
Example:
In deployment the image referenced was from registry quayecosystem-quay-quay-enterprise.apps.ocp4.3.pdhange.rhcee.support/quay/ose-pod@sha256:6cc2824dd5a3189d993b4f61ed6019a5bb1fcfb62cef74fed862550c5410ba4a, However CSO was trying to reach example-quayecosystem-quay-quay-enterprise.apps.ocp4.3.pdhange.rhcee.support
Logs:
level=error msg="Failed to sync layer data" key=sim/example-56875dd49b-jdxcw err="Get https://example-quayecosystem-quay-quay-enterprise.apps.ocp4.3.pdhange.rhcee.support/.well-known/app-capabilities: x509: certificate signed by unknown authority"
