Azure / Microsoft-Defender-for-Cloud

Welcome to the Microsoft Defender for Cloud community repository
https://azure.microsoft.com/en-us/services/security-center/
MIT License

No results found for a given Image Digest. #701

Open michaelspinks opened 1 year ago

michaelspinks commented 1 year ago

Describe the bug

Running the script ImageScanSummaryAssessmentGate.ps1 and providing its input parameters (registryName, repository, tag), we find no results for the given image digest sha256:f271e74b17ced29b915d351685fd4644785c6d1559dd1f2d4189a5e851ef753a.

Screenshot of the Image and Digest below

image

```
Microsoft-Defender-for-Cloud/Container Image Scan Vulnerability Assessment/Image Scan Automation Enrichment Security Gate> .\ImageScanSummaryAssessmentGate.ps1 -registryName myRegistry -repository library/alpine -tag 3.17.1
Extension 'resource-graph' is already installed.
Image Digest: sha256:f271e74b17ced29b915d351685fd4644785c6d1559dd1f2d4189a5e851ef753a
Query: securityresources
 | where type == 'microsoft.security/assessments/subassessments'
 | where id matches regex  '(.+?)/providers/Microsoft.ContainerRegistry/registries/(.+)/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/'
 | extend registryResourceId = tostring(split(id, '/providers/Microsoft.Security/assessments/')[0])
 | extend registryResourceName = tostring(split(registryResourceId, '/providers/Microsoft.ContainerRegistry/registries/')[1])
 | extend imageDigest = tostring(properties.additionalData.imageDigest)
 | extend repository = tostring(properties.additionalData.repositoryName)
 | extend patchable = tobool(properties.additionalData.patchable)
 | extend scanFindingSeverity = tostring(properties.status.severity), scanStatus = tostring(properties.status.code)
 | summarize findingsCountOverAll = count(), scanFindingSeverityCount = countif(patchable or not(tobool(False))) by scanFindingSeverity, scanStatus, registryResourceId, registryResourceName, repository, imageDigest
 | summarize findingsCountOverAll = sum(findingsCountOverAll), severitySummary = make_bag(pack(scanFindingSeverity, scanFindingSeverityCount)) by registryResourceId, registryResourceName, repository, imageDigest, scanStatus
 | summarize findingsCountOverAll = sum(findingsCountOverAll) , scanReport = make_bag_if(pack('scanStatus', scanStatus, 'scanSummary', severitySummary), scanStatus != 'NotApplicable')by registryResourceId, registryResourceName, repository, imageDigest
 | extend IsScanned = iif(findingsCountOverAll > 0, true, false)
| where imageDigest =~ 'sha256:f271e74b17ced29b915d351685fd4644785c6d1559dd1f2d4189a5e851ef753a' and repository =~ 'library/alpine' and registryResourceName =~ 'myRegistry'

No results for image library/alpine:3.17.1 yet ...
No results for image library/alpine:3.17.1 yet ...
Write-Error: No results were found for digest: sha256:f271e74b17ced29b915d351685fd4644785c6d1559dd1f2d4189a5e851ef753a after 3 retries!
```

To Reproduce

Steps to reproduce the behavior:

  1. Git clone the Microsoft-Defender-for-Cloud repository to your computer
  2. Change to the Container Image Scan Vulnerability Assessment/Image Scan Automation Enrichment Security Gate folder
  3. Run '.\ImageScanSummaryAssessmentGate.ps1 -registryName myRegistry -repository library/alpine -tag 3.17.1'

Expected behavior

Entering the registryName, repository and tag should confirm the image has been scanned as per the defined script inputs.

killnine commented 10 months ago

I have this exact same issue. Did you find a resolution?

My only guess was that my Registry does not have Defender for Cloud enabled on it. However, I can't figure out how to enable it because it's part of a Development subscription....

killnine commented 7 months ago

Just bumping this again.

I got it working for a time with a Production instance of Defender for Cloud and a production Registry. However, lately, I have had issues with my build pipeline failing to find results even though manually running via PowerShell locally works fine. I am pulling settings from Azure Key Vault in both instances.

It's very frustrating to not be able to troubleshoot this and Defender for Cloud is very opaque in what it displays from the dashboard.
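
An added troubleshooting example, not part of the thread or of the repository's script: it applies the filters from the query printed in the issue one at a time and reports the row count after each, so the filter that removes every row is visible. It assumes the Azure CLI with the resource-graph extension and an existing `az login`; the stage names and the use of `contains` in place of the original regex are this example's own.

```powershell
# Added diagnostic example; not part of ImageScanSummaryAssessmentGate.ps1.
param(
    [Parameter(Mandatory)] [string] $registryName,
    [Parameter(Mandatory)] [string] $repository,
    [Parameter(Mandatory)] [string] $imageDigest   # the "Image Digest:" value the gate script prints
)

# Print the identity and default subscription this session runs as, so a
# pipeline run can be compared with a local run.
az account show --query "{user:user.name, type:user.type, subscription:name}" -o table

# Same source table and extended columns as the query printed in the issue.
$base = "securityresources" +
    " | where type == 'microsoft.security/assessments/subassessments'" +
    " | where id contains '/providers/Microsoft.ContainerRegistry/registries/'" +
    " | extend registryResourceId = tostring(split(id, '/providers/Microsoft.Security/assessments/')[0])" +
    " | extend registryResourceName = tostring(split(registryResourceId, '/providers/Microsoft.ContainerRegistry/registries/')[1])" +
    " | extend imageDigest = tostring(properties.additionalData.imageDigest)" +
    " | extend repository = tostring(properties.additionalData.repositoryName)"

# Filters from the issue's query, applied one at a time and cumulatively.
$stages = [ordered]@{
    'any container registry'        = ''
    'assessment key from the issue' = " | where id contains '/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/'"
    'registry name'                 = " | where registryResourceName =~ '$registryName'"
    'repository'                    = " | where repository =~ '$repository'"
    'image digest'                  = " | where imageDigest =~ '$imageDigest'"
}

$query = $base
foreach ($stage in $stages.GetEnumerator()) {
    $query += $stage.Value
    # Assumes the resource-graph extension returns rows under "data".
    $n = [int](az graph query -q "$query | summarize n = count()" --query "data[0].n" -o tsv)
    '{0,-32} {1,8}' -f $stage.Key, $n
    if ($n -eq 0) {
        Write-Warning "Rows disappear at filter '$($stage.Key)'; later stages will also be 0."
        break
    }
}
```

Run it under the same login as the failing gate. A count of 0 at the first stage means that identity sees no container registry sub-assessments in any subscription it can query, which is a different problem from a digest or repository mismatch at a later stage.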