When using trivy, after docker/build-push-action@v5.1.0 action, trivy seems to be translating the image names to a hash, with a prefix and suffix. The examples for the four images built in the screenshot provided are:
The build steps are the same for each image and I'm using the same steps for trivy, just changing the target image name. Two different tries, old versus latest.
I've tried looking at older issues and it seems everyone that this process works for is using a much older version of docker/build-push-action; so, my first assumption is that some behavior in the output of that step might have changed, which is leading to this, but I can't emphatically prove that (pretty sure I went with 5.1.0 because of end-of-life for js support in previous versions of the action).
Any ideas what might be happening, here, and/or how to get this to work? I can resort to docker build -t ..., if need-be, but since I don't do anything else with the images, having the build and publish in a single step would be preferrable.
When using trivy, after
docker/build-push-action@v5.1.0
action, trivy seems to be translating the image names to a hash, with a prefix and suffix. The examples for the four images built in the screenshot provided are:(Previous) Alpine -
7705ed:ccc0282675304573b1a13d3f2f01570b
Arch -48e97f:7c320f54db2b4f33b9481e1fb85da9c6
Debian -1f606c:64fb3916ac674be9960fb1873e181cb5
Fedora -ad981e:46b1ed8a58554c08a600c5e96d3b2b24
(Latest) Alpine -
328047:43847b0149bb4e79892c9268b1008eee
Arch -cea530:33401cbd96f141cabce182d652cffbf3
Debian -889839:0ed8addb079d41b0a769815f2195337d
Fedora -31b20a:0a47dbe1c6d74262ba38dc6e4649809e
The build steps are the same for each image and I'm using the same steps for trivy, just changing the target image name. Two different tries, old versus latest.
I've tried looking at older issues and it seems everyone that this process works for is using a much older version of
docker/build-push-action
; so, my first assumption is that some behavior in the output of that step might have changed, which is leading to this, but I can't emphatically prove that (pretty sure I went with 5.1.0 because of end-of-life for js support in previous versions of the action).Any ideas what might be happening, here, and/or how to get this to work? I can resort to
docker build -t ...
, if need-be, but since I don't do anything else with the images, having the build and publish in a single step would be preferrable.