aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0
729 stars 216 forks

[BUG]: Trivy Getting Pull Access Denied for (Seemingly) Hashed Images #321

Closed felsokning closed 2 months ago

felsokning commented 3 months ago

When using trivy, after docker/build-push-action@v5.1.0 action, trivy seems to be translating the image names to a hash, with a prefix and suffix. The examples for the four images built in the screenshot provided are:

(Previous)
Alpine - 7705ed:ccc0282675304573b1a13d3f2f01570b
Arch - 48e97f:7c320f54db2b4f33b9481e1fb85da9c6
Debian - 1f606c:64fb3916ac674be9960fb1873e181cb5
Fedora - ad981e:46b1ed8a58554c08a600c5e96d3b2b24

(Latest)
Alpine - 328047:43847b0149bb4e79892c9268b1008eee
Arch - cea530:33401cbd96f141cabce182d652cffbf3
Debian - 889839:0ed8addb079d41b0a769815f2195337d
Fedora - 31b20a:0a47dbe1c6d74262ba38dc6e4649809e

The build steps are the same for each image and I'm using the same steps for trivy, just changing the target image name. Two different tries, old versus latest.

I've tried looking at older issues and it seems everyone that this process works for is using a much older version of docker/build-push-action; so, my first assumption is that some behavior in the output of that step might have changed, which is leading to this, but I can't emphatically prove that (pretty sure I went with 5.1.0 because of end-of-life for js support in previous versions of the action).

Any ideas what might be happening here, and/or how to get this to work? I can resort to docker build -t ..., if need be, but since I don't do anything else with the images, having the build and publish in a single step would be preferable.

[screenshot attachment]

felsokning commented 2 months ago

Issue: The hash is the image created by the action. Clean-up after the action creation but before the action run is the cause of the issue.
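The final comment identifies the ordering problem: the built image was being cleaned up after docker/build-push-action ran but before trivy-action scanned it. Below is an added example workflow (not code from the issue author or from the trivy-action project) that keeps the build output in the local Docker daemon under an explicit tag and scans that same tag with no cleanup step in between. The image name `example-org/alpine-app:ci` is a constructed placeholder, and the trivy-action ref `@master` is the one the project README has documented; pin whichever release tag you use.

```yaml
name: build-and-scan

on: [push]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: docker/setup-buildx-action@v3

      # Build into the local Docker daemon under an explicit tag.
      # `load: true` keeps the image in the daemon so a later step can
      # refer to it by this tag instead of a generated name.
      - name: Build image
        uses: docker/build-push-action@v5.1.0
        with:
          context: .
          load: true
          push: false
          tags: example-org/alpine-app:ci   # placeholder image name

      # Scan the freshly built image by the same tag. No cleanup runs
      # between the build step and this scan.
      - name: Scan image with Trivy
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: example-org/alpine-app:ci
          format: table
          exit-code: '1'
          ignore-unfixed: true
          severity: CRITICAL,HIGH

      # Any cleanup of the local image belongs after the scan has finished.
      - name: Cleanup local image
        if: always()
        run: docker image rm example-org/alpine-app:ci || true
```

With `exit-code: '1'` the job fails when Trivy finds CRITICAL or HIGH findings that have a fix available, which is the point of scanning before publishing. If the image also needs to be pushed to a registry, run that as a separate step after the scan step has passed rather than combining it with the load-and-scan sequence.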