"No outdated base images" on docker scout #58

Open
KEINOS opened this issue Aug 27, 2024 · 0 comments

KEINOS commented Aug 27, 2024

$ docker scout version | grep version
version: v1.13.0 (go1.22.5 - darwin/amd64)

$ docker scout quickview keinos/sqlite3:latest
    ✓ SBOM of image already cached, 17 packages indexed
    ✓ Policy evaluation completed

    i Base image was auto-detected. To get more accurate results, build images with max-mode provenance attestations.
      Review docs.docker.com ↗ for more information.
      
  Target     │  keinos/sqlite3:latest  │    0C     0H     0M     0L   
    digest   │  5798b274cbad           │                              
  Base image │  alpine:3               │    0C     0H     0M     0L   

Policy status  FAILED  (4/7 policies met, 2 missing data)

  Status │                   Policy                    │           Results            
─────────┼─────────────────────────────────────────────┼──────────────────────────────
  ✓      │ Default non-root user                       │                              
  ✓      │ No AGPL v3 licenses                         │    0 packages                
  ✓      │ No fixable critical or high vulnerabilities │    0C     0H     0M     0L   
  ✓      │ No high-profile vulnerabilities             │    0C     0H     0M     0L   
  ?      │ No outdated base images                     │    No data                   
         │                                             │    Learn more ↗                    
  ?      │ No unapproved base images                   │    No data                   
  !      │ Missing supply chain attestation(s)         │    2 deviations              

What's next:
    View policy violations → docker scout policy keinos/sqlite3:latest --org keinos
    Compare with the latest in the registry → docker scout compare --to-latest keinos/sqlite3:latest --org keinos

No outdated base images
The No outdated base images policy requires that the base images you use are up-to-date.

It's violated when the tag you used to build your image points to a different digest than what you're using. If there's a mismatch in digests, that means the base image you're using is out of date.

Your images need provenance attestations for this policy to successfully evaluate. For more information, see No base image data.

No base image data
There are cases when it's not possible to determine information about the base images used in your builds. In such cases, the No outdated base images and No unapproved base images policies get flagged as having No data.

This "no data" state occurs when:

  • Docker Scout doesn't know what base image tag you used
  • The base image version you used has multiple tags, but not all tags are out of date

To make sure that Docker Scout always knows about your base image, you can attach provenance attestations at build-time. Docker Scout uses provenance attestations to find out the base image version.
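
The three outcomes described above (compliant, outdated, "No data") can be modelled as a small decision function. This is an added example, not part of the original issue and not Docker Scout's own code; the function name, its parameters and the sample digests are assumptions made for illustration.

```python
from typing import Mapping, Optional, Sequence

COMPLIANT, OUTDATED, NO_DATA = "compliant", "outdated", "no data"


def evaluate_base_image(
    used_digest: str,
    registry: Mapping[str, str],
    attested_tag: Optional[str] = None,
    candidate_tags: Sequence[str] = (),
) -> str:
    """Classify a base image as compliant, outdated or no data.

    used_digest    -- digest of the base image the target image was built on
    registry       -- current tag -> digest mapping (constructed here)
    attested_tag   -- tag recorded at build time, e.g. in a provenance
                      attestation; None when the base image was only guessed
    candidate_tags -- tags known to have pointed at used_digest (assumption)
    """
    if attested_tag is not None:
        current = registry.get(attested_tag)
        if current is None:
            return NO_DATA  # the recorded tag can no longer be resolved
        # The policy's core check: does the tag still point at our digest?
        return COMPLIANT if current == used_digest else OUTDATED

    if not candidate_tags:
        return NO_DATA  # the tag used for the build is unknown

    stale = [registry.get(tag) != used_digest for tag in candidate_tags]
    if all(stale):
        return OUTDATED
    if not any(stale):
        return COMPLIANT
    return NO_DATA  # several tags, but not all of them are out of date


# Constructed sample data: short fake digests, not real alpine digests.
REGISTRY = {"3": "sha256:bbbb", "3.20": "sha256:bbbb", "3.20.1": "sha256:aaaa"}

if __name__ == "__main__":
    print(evaluate_base_image("sha256:aaaa", REGISTRY, attested_tag="3"))
    print(evaluate_base_image("sha256:aaaa", REGISTRY))
    print(evaluate_base_image("sha256:aaaa", REGISTRY,
                              candidate_tags=["3", "3.20.1"]))
```

With a tag recorded at build time the result is always decidable in this model, which is why the quoted documentation points to provenance attestations as the way out of the "No data" state.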
