Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ECR] [request]: Support for Alpine Linux v3.21 on Enhanced Vulnerability Scanning - Inspector #2490

Open
rgoltz opened this issue Dec 6, 2024 · 3 comments
Labels
Proposed Community submitted issue

Comments

@rgoltz
Copy link

rgoltz commented Dec 6, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request
Using Vulnerability Scans with for latest Alpine release.

Which service(s) is this request for?
ECR

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
At 05.12.2024, Alpine Linux 3.21 has been released (please see https://gallery.ecr.aws/docker/library/alpine and https://alpinelinux.org/posts/Alpine-3.21.0-released.html).
We are using AWS ECR Enhanced (Image) Scanning (with Amazon Inspector) to check for vulnerabilities.

Once you using the latest (= 3.21) image-tag of Alpine, you will get the following output in ECR:
image

Image not supported
UnsupportedImageError: The operating system and/or package manager are not supported.

At the same moment, Alpine SecDB also already added version 3.21, please see https://secdb.alpinelinux.org/v3.21/ (supporting vulnerability data). Having this said, I assume your data vendor for Inspector also has this data ready.

Are you currently working around this issue?
No workaround known. This repo have to use Vulnerability Scans using AWS ECR Enhanced (Image) Scanning.
Currently we have to skip Image Scanning.

Additional context
A general improvement is needed and already requested in the following issue. You can find the same pattern of this issue for previous regular Alpine major-releases 3.19, 3.18, 3.19, 3.20, ... linked in this issue as well.

@heidemn-faro
Copy link

Ironic that the "Basic" scan already supports it, but the "Enhanced" scan doesn't.
There seems to be a disconnect between the marketing department and R&D 😆

@rgoltz
Copy link
Author

rgoltz commented Jan 3, 2025

I've re-tested today by pushing a alpine:3.21.0 tag to ECR with Enhanced Scanning enabled. Today, I was enable to get Scan-Result from Enhanced Scanner/Inspector. If somebody could confirm, it would be nice. AWS docs doesn't reflect this not yet. I guess this is work-in-progress.

@heidemn-faro
Copy link

Works fine for me now (although I tested only with an image without CVEs).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Proposed Community submitted issue
Projects
None yet
Development

No branches or pull requests

2 participants