Open zyyw opened 3 months ago
What kind of error does Harbor expect when scanning an artifact Trivy doesn't support?
This is the response code for the POST /scan request:
Maybe it should return 400 when scanning an artifact Trivy doesn't support. @stonezdj @wy65701436 what's your opinion?
Reproduce steps:
library/redis, tag matching 7.2.4)
GENERATE SBOM. You will see some of the container images having SBOM generated successfully while the others failed with an error message, like below:
For those container images that have SBOM generated successfully, it is because they have application/vnd.oci.image.layer.v1.tar+gzip in layers[0].mediaType.
For those container images that failed, it is because they do NOT have application/vnd.oci.image.layer.v1.tar+gzip in layers[0].mediaType.
Trivy has an assumption that the layers[0].mediaType is tar+gzip related, but it is not always true.
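The check discussed in this issue, as an added Go example that is not part of the original post and is not Harbor or Trivy code: it inspects layers[0].mediaType of a manifest before a scan is queued and maps an unsupported artifact to the 400 the issue proposes. The helper name `PreflightStatus`, the 202 success status, the single accepted media type, and both sample manifests are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

// Media type the issue reports as scanning successfully. Treating it as the
// only accepted value is an assumption of this example.
const ociLayerGzip = "application/vnd.oci.image.layer.v1.tar+gzip"

// manifest holds only the fields this check needs.
type manifest struct {
	Layers []struct {
		MediaType string `json:"mediaType"`
	} `json:"layers"`
}

// PreflightStatus (hypothetical helper) returns the HTTP status an adapter
// could answer POST /scan with, plus a reason the caller can log or return.
// 202 for an accepted scan is an assumption; 400 is the issue's proposal.
func PreflightStatus(raw []byte) (int, string) {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return http.StatusBadRequest, "manifest is not valid JSON: " + err.Error()
	}
	if len(m.Layers) == 0 {
		return http.StatusBadRequest, "manifest has no layers"
	}
	if mt := m.Layers[0].MediaType; mt != ociLayerGzip {
		return http.StatusBadRequest, fmt.Sprintf("unsupported layers[0].mediaType %q", mt)
	}
	return http.StatusAccepted, "scannable"
}

// Constructed sample manifests, not taken from the issue.
const imageManifest = `{"schemaVersion":2,"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","size":123}]}`
const attestationManifest = `{"schemaVersion":2,"layers":[{"mediaType":"application/vnd.in-toto+json","size":45}]}`

func main() {
	for _, raw := range []string{imageManifest, attestationManifest, `{"layers":[]}`} {
		code, reason := PreflightStatus([]byte(raw))
		fmt.Printf("%d %s\n", code, reason)
	}
}
```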