Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-32399

Shell Variables Prevent RHACS from Scanning Network Observability Image

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Important

      USER PROBLEM

      Image  " registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b789d62036a3917cfe421b3f3119c6397dbb6c45fee82ca6d98002aa9b9223c7"   contains shell variables 

      The image contains shell variables in /root/buildinfo/labels.json`:

      { "cpe": "cpe:/a:redhat:network_observ_optr:$BUILDVERSION_Y::el9", "version": "$BUILDVERSION"}

       

      RHACS is unable to scan image  "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b789d62036a3917cfe421b3f3119c6397dbb6c45fee82ca6d98002aa9b9223c7" and reports error mentioned below,which indicates that the scanner component failed because it encountered a disallowed character while attempting to parse the component data (CPE version).    

      error: code = Internal desc = failed to scan all layer contents: layer \"sha256:145d7b5d75944e4f5cc9bd4529a5333648441e10a52a55b71eb135b8d169a17a\": cpe: version: disallowed character '$'"}

       

      This is a build defect in the `network-observability-flowlogs-pipeline-rhel9` image, not a Scanner V4 or ClairCore bug. Essentially the image is not "scannable" as it is malformed.

      Bug to be referred for more details:

      https://issues.redhat.com/browse/ROX-31822

              Unassigned Unassigned
              sasakshi@redhat.com Sakshi sakshi
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: