Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(redhat): also parse /usr/share/buildinfo for "content manifests" #8213

Closed
knqyf263 opened this issue Jan 8, 2025 Discussed in #8209 · 1 comment · Fixed by #8222
Closed

feat(redhat): also parse /usr/share/buildinfo for "content manifests" #8213

knqyf263 opened this issue Jan 8, 2025 Discussed in #8209 · 1 comment · Fixed by #8222
Assignees
@DmitriyLewen
Labels
kind/feature Categorizes issue or PR as related to a new feature. target/container-image Issues relating to container image scanning
Milestone
v0.59.0

Comments

@knqyf263
Copy link
Collaborator

knqyf263 commented Jan 8, 2025

The original discussion describes the request well.

Discussed in #8209

Originally posted by cgwalters January 7, 2025

Description

See quay/claircore@7250a05 and openshift/os#670 (comment)

TL;DR basically for bootc systems we want /var to be as empty as possible - /usr should hold immutable read-only state like this.

This file is an ill-defined mess and general consensus seems to be that tooling should be scanning SBOMs instead, but basically for now please just make the same change Clair did and parse that location too.

Target

None

Scanner

None
@knqyf263 knqyf263 added kind/feature Categorizes issue or PR as related to a new feature. target/container-image Issues relating to container image scanning labels Jan 8, 2025
@knqyf263 knqyf263 added this to the v0.59.0 milestone Jan 8, 2025
@DmitriyLewen DmitriyLewen mentioned this issue Jan 9, 2025
Merged
6 tasks
@DmitriyLewen
Copy link
Contributor

it's quite hard to find rhcos image.
But I ran rhcos-4.17.0-x86_64 in VM and I can confirm that this image uses usr/share/buildinfo/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DmitriyLewen DmitriyLewen

Labels
kind/feature Categorizes issue or PR as related to a new feature. target/container-image Issues relating to container image scanning
Projects
Trivy Roadmap
Status: No status
Milestone
v0.59.0
Development

Successfully merging a pull request may close this issue.

fix(redhat): check usr/share/buildinfo/ dir to detect content sets DmitriyLewen/trivy
2 participants
@knqyf263 @DmitriyLewen