Unsupported scan results on Google Distroless images
toastbrotch opened this issue
Hi
When I push Google Distroless images to my Quay registry, I get "Unsupported" security scan results.
(just tried with mcr.microsoft.com/azure-cognitive-services/vision/read:3.2-model-2022-04-30 )
Expected Outcome
Security findings based on CVE for Debian.
Actual Outcome
Unsupported
Environment
Clair version/image: clair-rhel8:v3.7.2
The same was reported on Clair V2 but it simply got closed (#1001). Now that we have Clair V4, the same problem still exists.
Any plans to fix this? Is it fixable?
Thanks, ivo
$ cat /etc/os-release
PRETTY_NAME="Distroless"
NAME="Debian GNU/Linux"
ID="debian"
VERSION_ID="10"
VERSION="Debian GNU/Linux 10 (buster)"
"Distroless" containers don't use the standard dpkg database and so aren't supported by the dpkg package in claircore.
Support would have to be added there.
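The layout difference described in the comment above, as an added example that is not part of the thread or of claircore's code. It assumes distroless images record each package as its own control-stanza file under /var/lib/dpkg/status.d/ (with optional .md5sums companions) rather than in the single /var/lib/dpkg/status file, and it runs against a constructed in-memory rootfs whose package names and versions are illustrative:

```go
package main

import (
	"fmt"
	"io/fs"
	"strings"
	"testing/fstest"
)

// parseStanzas returns "name version" for each dpkg control stanza in data.
func parseStanzas(data string) (pkgs []string) {
	for _, stanza := range strings.Split(data, "\n\n") {
		f := map[string]string{}
		for _, line := range strings.Split(stanza, "\n") {
			if kv := strings.SplitN(line, ": ", 2); len(kv) == 2 {
				f[kv[0]] = strings.TrimSpace(kv[1])
			}
		}
		if f["Package"] != "" {
			pkgs = append(pkgs, f["Package"]+" "+f["Version"])
		}
	}
	return pkgs
}

// listPackages reads the status file (regular Debian) and status.d/* (assumed distroless layout).
func listPackages(fsys fs.FS) (status, statusD []string) {
	if b, err := fs.ReadFile(fsys, "var/lib/dpkg/status"); err == nil {
		status = parseStanzas(string(b))
	}
	entries, _ := fs.ReadDir(fsys, "var/lib/dpkg/status.d") // nil when absent
	for _, e := range entries {
		b, err := fs.ReadFile(fsys, "var/lib/dpkg/status.d/"+e.Name())
		if err == nil && !strings.HasSuffix(e.Name(), ".md5sums") {
			statusD = append(statusD, parseStanzas(string(b))...)
		}
	}
	return status, statusD
}

// distroless is a constructed rootfs; names and versions are illustrative.
var distroless = fstest.MapFS{
	"var/lib/dpkg/status.d/base-files":        {Data: []byte("Package: base-files\nVersion: 10.3\n")},
	"var/lib/dpkg/status.d/libssl1.1":         {Data: []byte("Package: libssl1.1\nSource: openssl\nVersion: 1.1.1n-0\n")},
	"var/lib/dpkg/status.d/libssl1.1.md5sums": {Data: []byte("<md5>  usr/lib/libssl.so.1.1\n")},
}

func main() {
	fmt.Println(listPackages(distroless))
}
```

A scanner that only consults the single status file sees an empty package list for this rootfs, so it has nothing to match against the Debian CVE data even though os-release identifies the image as Debian 10.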
As I see more and more distroless containers appear here, adding support would be great.