You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Once you using the latest (= 3.21) image-tag of Alpine, you will get the following output in ECR:
Image not supported
UnsupportedImageError: The operating system and/or package manager are not supported.
At the same moment, Alpine SecDB also already added version 3.21, please see https://secdb.alpinelinux.org/v3.21/ (supporting vulnerability data). Having this said, I assume your data vendor for Inspector also has this data ready.
Are you currently working around this issue?
No workaround known. This repo have to use Vulnerability Scans using AWS ECR Enhanced (Image) Scanning.
Currently we have to skip Image Scanning.
Additional context
A general improvement is needed and already requested in the following issue. You can find the same pattern of this issue for previous regular Alpine major-releases 3.19, 3.18, 3.19, 3.20, ... linked in this issue as well.
Ironic that the "Basic" scan already supports it, but the "Enhanced" scan doesn't.
There seems to be a disconnect between the marketing department and R&D 😆
I've re-tested today by pushing a alpine:3.21.0 tag to ECR with Enhanced Scanning enabled. Today, I was enable to get Scan-Result from Enhanced Scanner/Inspector. If somebody could confirm, it would be nice. AWS docs doesn't reflect this not yet. I guess this is work-in-progress.
Community Note
Tell us about your request
Using Vulnerability Scans with for latest Alpine release.
Which service(s) is this request for?
ECR
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
At 05.12.2024, Alpine Linux 3.21 has been released (please see https://gallery.ecr.aws/docker/library/alpine and https://alpinelinux.org/posts/Alpine-3.21.0-released.html).
We are using AWS ECR Enhanced (Image) Scanning (with Amazon Inspector) to check for vulnerabilities.
Once you using the latest (= 3.21) image-tag of Alpine, you will get the following output in ECR:
At the same moment, Alpine SecDB also already added version 3.21, please see https://secdb.alpinelinux.org/v3.21/ (supporting vulnerability data). Having this said, I assume your data vendor for Inspector also has this data ready.
Are you currently working around this issue?
No workaround known. This repo have to use Vulnerability Scans using AWS ECR Enhanced (Image) Scanning.
Currently we have to skip Image Scanning.
Additional context
A general improvement is needed and already requested in the following issue. You can find the same pattern of this issue for previous regular Alpine major-releases 3.19, 3.18, 3.19, 3.20, ... linked in this issue as well.
The text was updated successfully, but these errors were encountered: