anchore / anchore-engine

A service that analyzes docker images and scans for vulnerabilities
Apache License 2.0

Unable to Scan Images with same sha #1353

Open naoleyrashmi opened 2 years ago

naoleyrashmi commented 2 years ago

Is this a request for help?:

I am facing issues while trying to scan the same image (same sha) under a different name with Anchore.

Is this a BUG REPORT or a FEATURE REQUEST? (choose one): bug

```
Service policy_engine (anchore-engine-policy-6c577f456c-dg6x8, anchore-engine-policy:8087): up
Service analyzer (anchore-engine-analyzer-6ffd9dcdc5-v55mq, anchore-engine-analyzer:8084): up
Service analyzer (anchore-engine-analyzer-6ffd9dcdc5-rfdw2, anchore-engine-analyzer:8084): up
Service catalog (anchore-engine-catalog-656768cb96-rd8bz, anchore-engine-catalog:8082): up
Service policy_engine (anchore-engine-policy-6c577f456c-hj67x,anchore-engine-policy:8087): up
Service policy_engine (anchore-engine-policy-6c577f456c-vmgxh, anchore-engine-policy:8087): up
Service apiext (anchore-engine-api-54c87d8784-d8ltw, anchore-engine-api:8228): up
Service simplequeue (anchore-engine-simplequeue-6cc76b449d-z8bnw, anchore-engine-simplequeue:8083): up
```

Version of Anchore Engine and Anchore CLI if applicable:

What happened: I have a Jenkins job which pulls the Dockerfile from git, creates an image from it and pushes the image to ECR. Later on this image is analysed using the Anchore plugin. I have a Jenkinsfile created for the same. The plugin works fine, but when I trigger the same job several times, different images with different tags get created but they have the same sha. On checking the engine logs I get the below error:

```
16:48:21 "detail": {
16:48:21 "error_codes": []
16:48:21 },
16:48:21 "httpcode": 404,
16:48:21 "message": "image is not analyzed - analysis_status: not_analyzed"
16:48:21 }
16:48:21
16:48:21 2021-12-29T11:18:21.040 WARN AnchoreWorker Exhausted all attempts polling anchore-engine. Analysis is incomplete for sha256:543fa03ffaf3ab8c0b63e1f79cf17b8ad6ad3bcde6fc3dd8a77161582c35a108
16:48:21 2021-12-29T11:18:21.040 ERROR AnchorePlugin Failing Anchore Container Image Scanner Plugin step due to errors in plugin execution
```

What did you expect to happen: The plugin fails to analyse, as the engine analyses on a sha basis like "000000000.dkr.ecr.eu-west-1.amazonaws.com/scan-test@sha256:f108e7213ec37c4802309a06df030a6332cd0074f9520356fb40f68f3e6be34c", but as there are several images with the same sha under my anchore-images, the image goes into the "not analysed" state.

Any relevant log output from /var/log/anchore:

```
[Thread-1121576] [anchore_engine.clients.skopeo_wrapper/download_image()] [ERROR] command failed with exception - Error encountered in skopeo operation. cmd=/bin/sh -c skopeo copy --remove-signatures --src-tls-verify=true --src-creds "${SKOPUSER}":"${SKOPPASS}" docker://000000000.dkr.ecr.eu-west-1.amazonaws.com/scan-test@sha256:f108e7213ec37c4802309a06df030a6332cd0074f9520356fb40f68f3e6be34c oci:/analysis_scratch/a5288737-0353-4a35-8913-dc816cbdb169/raw:image, rc=1, stdout=None, stderr=b'time="2021-12-23T06:18:55Z" level=fatal msg="Error initializing source docker://00000000.dkr.ecr.eu-west-1.amazonaws.com/scan-test@sha256:f108e7213ec37c4802309a06df030a6332cd0074f9520356fb40f68f3e6be34c: Error reading manifest sha256:f108e7213ec37c4802309a06df030a6332cd0074f9520356fb40f68f3e6be34c in 0000000.dkr.ecr.eu-west-1.amazonaws.com/scan-test: manifest unknown: Requested image not found"\n', error_code=REGISTRY_IMAGE_NOT_FOUND
```

What docker images are you using: Have a k8s setup using Helm.

How to reproduce the issue: Try adding an image created using the same Dockerfile and pushed to the same ECR to Anchore Engine. The sha of the images should be the same to reproduce this error.

Anything else we need to know:
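
A triage helper for engine log lines like the one quoted in this issue, added here as an example (not code from the issue or from anchore-engine): it extracts the digest-pinned reference and `error_code` from failed skopeo pulls and groups `REGISTRY_IMAGE_NOT_FOUND` failures by digest. The sample lines, registry host, repository names, digests and the `OTHER_ERROR` code are constructed.

```python
import re
from collections import defaultdict

# Source reference of the failed "skopeo copy": docker://<repo>@sha256:<digest>
PULL_RE = re.compile(
    r"skopeo copy .*?docker://(?P<repo>[^\s@]+)@(?P<digest>sha256:[0-9a-f]{64})")
CODE_RE = re.compile(r"error_code=(?P<code>[A-Z_]+)")


def failed_pulls(lines):
    """Yield (repo, digest, error_code) for each failed skopeo pull line."""
    for line in lines:
        if "skopeo_wrapper/download_image()" not in line or "[ERROR]" not in line:
            continue
        pull = PULL_RE.search(line)
        if not pull:
            continue
        code = CODE_RE.search(line)
        yield pull["repo"], pull["digest"], code["code"] if code else "UNKNOWN"


def missing_by_digest(lines):
    """Map digest -> sorted repos where the registry reported 'not found'."""
    out = defaultdict(set)
    for repo, digest, code in failed_pulls(lines):
        if code == "REGISTRY_IMAGE_NOT_FOUND":
            out[digest].add(repo)
    return {digest: sorted(repos) for digest, repos in out.items()}


def _sample_line(repo, digest, code):
    # Constructed line that follows the layout of the log quoted in the issue.
    return ("[Thread-1] [anchore_engine.clients.skopeo_wrapper/download_image()] "
            "[ERROR] command failed with exception - Error encountered in skopeo "
            f"operation. cmd=/bin/sh -c skopeo copy --remove-signatures "
            f"docker://{repo}@{digest} oci:/analysis_scratch/x/raw:image, "
            f"rc=1, stdout=None, error_code={code}")


D1 = "sha256:" + "a" * 64  # placeholder digests, not real images
D2 = "sha256:" + "b" * 64
SAMPLE = [
    _sample_line("registry.example.com/scan-test", D1, "REGISTRY_IMAGE_NOT_FOUND"),
    _sample_line("registry.example.com/scan-test-2", D1, "REGISTRY_IMAGE_NOT_FOUND"),
    _sample_line("registry.example.com/other", D2, "OTHER_ERROR"),  # made-up code
    "[Thread-2] [anchore_engine.services.catalog] [INFO] unrelated line",
]

if __name__ == "__main__":
    for digest, repos in missing_by_digest(SAMPLE).items():
        print(digest, "not found in:", ", ".join(repos))
```

Each reported repository and digest pair can then be checked against the registry to see whether that digest is actually present in that repository.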