[ECR] [feature request]: ECR scanning support for RockyLinux OS

[abencomoc]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request Add RockyLinux as a supported OS in ECR Scanning.

Which service(s) is this request for? ECR

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? Customers are switching to RockyLinux OS as an alternative to CentOS 8 (EOL). When switching ECR images to RockyLinux, customers loose the ability to scan images because RockyLinux is not a supported OS in ECR scanning [1]. By adding support for RockyLinux, customers will be able to host and scan their RockyLinux images in ECR.

[1] https://docs.aws.amazon.com/inspector/latest/user/supported.html#supported-os

Are you currently working around this issue? No workaround

Additional context Uploaded RockyLinux image to ECR: "https://hub.docker.com/_/rockylinux" ECR doesn't support this OS: { "imageScanStatus": { "status": "UNSUPPORTED_IMAGE", "description": "UnsupportedImageError: The operating system and/or package manager are not supported." },

[raesene]

In case it's useful, could be worth noting that Trivy supports scanning Rocky linux images https://aquasecurity.github.io/trivy/v0.25.0/vulnerability/detection/os/

[ccwolfram]

I'm been using the centos7 for a long time and shitf to rockylinux8. In the company we have many repositories with many images. All latest images in the print are "rockylinux:8"

Seems like sometimes it works sometimes it fails.

[albertlobbc]

It would be very nice to support rocky linux when we cannot rely on centos any more.

[albgus]

Rocky Linux 8 is now listed as supported in the AWS Documentation: https://docs.aws.amazon.com/inspector/latest/user/supported.html#supported-os-ecr

... but it does not seem to work as my images based on rockylinux/rockylinux:8 fails with UnsupportedImageError: The operating system and/or package manager are not supported.

[michaelb990]

What scanning system are you using?

ECR supports "enhanced scanning" (powered by AWS Inspector) and "basic scanning" today. The link @albgus posted is for the enhanced version. The error message posted above looks like it is coming from our basic scanning system, but I'm not 100% sure about that. If you need rockylinux support today, I'd suggest switching to enhanced scanning.