Feature Request
Resolution: Unresolved
Major
openshift-4.14
Product / Portfolio Work
Red Hat Advanced Cluster Security for Kubernetes
Salesforce Case Link: https://gss--c.vf.force.com/apex/support?classicRedirected=true#/cases/04096629/details
Issue Description
The customer is experiencing significant confusion in the RHACS UI due to how image tags and their underlying SHA digests are displayed. Initially, the customer reported that thousands of active, deployed images appeared to not have been scanned for months.
However, upon investigation, it was discovered that the same image name and tag are duplicated across multiple rows in the Vulnerability Management dashboard, each tied to a different underlying SHA digest.
While RHACS is technically functioning as designed by tracking and scanning the images via their specific SHA digests, this behavior creates a major usability issue. When the customer scans an image using roxctl referencing only the image name/tag, the CLI shows a recent scan, but the UI fails to update unless the scan is explicitly performed using the exact SHA digest.
Customer Impact
Because deployments are having their underlying SHA digests updated, the UI is cluttered with historical digests. The primary issue is that the UI does not make it clear which digest is the "current" one (i.e., the one the tag resolves to today in the registry) and which digests are obsolete or no longer present in the registry.
This severely impacts the customer's operations and auditing processes, as they cannot reliably prove to auditors which image entries are valid, nor can they easily confirm that their customers have the latest CVE data on their active images.
Customer Expectations from Red Hat
The customer expects Red Hat to provide a solution or UI enhancement that clarifies this ambiguity. Specifically, they need a reliable way within the RHACS UI to differentiate between active/pullable digests and obsolete digests for a single image name/tag.
While they understand that a broader Data Model Refactoring effort is underway for a related issue, they need a clear operational path to identify current images for accurate auditing and vulnerability management.
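The distinction the ticket asks for, between the digest a tag resolves to today and the older digests still listed under the same name/tag, can be checked outside the UI. The following is an added illustration, not part of the ticket and not RHACS code; the row shape, the registry lookup table, the status names and the 7-day threshold are all assumptions, and every value is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data: rows as they might be exported from the UI, where
# one name:tag appears once per digest. Digests are shortened placeholders.
ROWS = [
    ("registry.example.com/shop/web:1.4", "sha256:aaaa", "2024-01-10T08:00:00+00:00"),
    ("registry.example.com/shop/web:1.4", "sha256:bbbb", "2024-03-02T08:00:00+00:00"),
    ("registry.example.com/shop/web:1.4", "sha256:cccc", "2024-05-30T08:00:00+00:00"),
    ("registry.example.com/shop/api:2.0", "sha256:dddd", "2024-02-01T08:00:00+00:00"),
    ("registry.example.com/shop/job:0.9", "sha256:eeee", "2024-05-29T08:00:00+00:00"),
]
# Constructed: digest each tag resolves to in the registry today (None = the
# tag is no longer present). Collecting this is outside the example.
REGISTRY_NOW = {
    "registry.example.com/shop/web:1.4": "sha256:cccc",
    "registry.example.com/shop/api:2.0": "sha256:ffff",  # tag moved, new digest not tracked
    "registry.example.com/shop/job:0.9": None,
}

def classify(rows, registry_now, now, max_age=timedelta(days=7)):
    """Group rows by name:tag and label each digest relative to the registry."""
    by_tag = defaultdict(dict)
    for image, digest, last_scan in rows:
        by_tag[image][digest] = datetime.fromisoformat(last_scan)
    report = {}
    for image, digests in by_tag.items():
        current = registry_now.get(image)
        scanned = digests.get(current)  # scan time of the current digest, if tracked
        if current is None:
            status = "tag-not-in-registry"
        elif scanned is None:
            status = "current-digest-not-tracked"
        elif now - scanned > max_age:
            status = "current-digest-scan-stale"
        else:
            status = "ok"
        report[image] = {
            "current": current,
            "obsolete": sorted(d for d in digests if d != current),
            "status": status,
        }
    return report

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for image, entry in classify(ROWS, REGISTRY_NOW, now).items():
        print(image, entry)
```

Only the row whose digest matches the registry's current answer speaks for the tag's scan freshness; the other rows are historical entries and can be reported separately to auditors.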