  1. OpenShift Request For Enhancement
  2. RFE-8878

RHACS Scanned image tag duplicated across multiple rows with different digests

    • Product / Portfolio Work
    • Red Hat Advanced Cluster Security for Kubernetes

      Salesforce Case Link: #https://gss–c.vf.force.com/apex/support?classicRedirected=true#/cases/04096629/details

      Issue Description

      The customer is experiencing significant confusion in the RHACS UI due to how image tags and their underlying SHA digests are displayed. Initially, the customer reported that thousands of active, deployed images appeared to not have been scanned for months.
      However, upon investigation, it was discovered that the same image name and tag are duplicated across multiple rows in the Vulnerability Management dashboard, each tied to a different underlying SHA digest.
      While RHACS is technically functioning as designed by tracking and scanning the images via their specific SHA digests, this behavior creates a major usability issue. When the customer scans an image using roxctl referencing only the image name/tag, the CLI shows a recent scan, but the UI fails to update unless the scan is explicitly performed using the exact SHA digest.

      Customer Impact

      Because deployments are having their underlying SHA digests updated, the UI is cluttered with historical digests. The primary issue is that the UI does not make it clear which digest is the "current" one (i.e., the one the tag resolves to today in the registry) and which digests are obsolete or no longer present in the registry.
      This severely impacts the customer's operations and auditing processes, as they cannot reliably prove to auditors which image entries are valid, nor can they easily confirm that their customers have the latest CVE data on their active images.

      Customer Expectations from Red Hat

      The customer expects Red Hat to provide a solution or UI enhancement that clarifies this ambiguity. Specifically, they need a reliable way within the RHACS UI to differentiate between active/pullable digests and obsolete digests for a single image name/tag.
      While they understand that a broader Data Model Refactoring effort is underway for a related issue, they need a clear operational path to identify current images for accurate auditing and vulnerability management.

              Unassigned Unassigned
              rhn-support-cramos Carlos Ramos
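
One way to separate current from obsolete digests for a single image name/tag outside the UI, as an added example that is not part of the original issue or of RHACS. The row layout, the `classify` helper, the registry hostnames, the digests and the 30-day threshold are all constructed assumptions; the tag-to-digest map is assumed to be collected separately by resolving each tag against the registry.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample rows: one per (image:tag, digest), as the issue describes.
ROWS = [
    {"image": "registry.example.com/shop/api:1.4", "digest": "sha256:" + "a" * 64,
     "last_scan": "2025-01-10T08:00:00+00:00", "deployed": False},
    {"image": "registry.example.com/shop/api:1.4", "digest": "sha256:" + "b" * 64,
     "last_scan": "2025-03-02T08:00:00+00:00", "deployed": True},
    {"image": "registry.example.com/shop/api:1.4", "digest": "sha256:" + "c" * 64,
     "last_scan": "2025-06-01T08:00:00+00:00", "deployed": True},
    {"image": "registry.example.com/shop/web:2.0", "digest": "sha256:" + "d" * 64,
     "last_scan": "2025-02-01T08:00:00+00:00", "deployed": True},
]
# Constructed: the digest each tag resolves to in the registry today.
REGISTRY = {"registry.example.com/shop/api:1.4": "sha256:" + "c" * 64,
            "registry.example.com/shop/web:2.0": "sha256:" + "d" * 64}

def classify(rows, registry, now, max_age=timedelta(days=30)):
    """Group rows by image:tag and label each digest for audit purposes."""
    report = defaultdict(list)
    for row in rows:
        current = registry.get(row["image"])
        if current is None:
            status = "unresolved"          # tag could not be resolved in the registry
        elif row["digest"] == current:
            status = "current"             # what the tag points at today
        elif row["deployed"]:
            status = "obsolete-deployed"   # old digest still running in a cluster
        else:
            status = "obsolete"            # historical row only
        age = now - datetime.fromisoformat(row["last_scan"])
        # Scan age only matters for digests that are not purely historical.
        stale = status != "obsolete" and age > max_age
        report[row["image"]].append(
            {"digest": row["digest"][:19], "status": status, "scan_stale": stale})
    return dict(report)

if __name__ == "__main__":
    now = datetime(2025, 6, 15, tzinfo=timezone.utc)
    for image, entries in classify(ROWS, REGISTRY, now).items():
        print(image)
        for e in entries:
            print(f"  {e['digest']}  {e['status']:<18} stale={e['scan_stale']}")
```

Rows labelled `obsolete-deployed` are the ones an auditor would still care about: the tag has moved on in the registry, but a workload is still running the older digest.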