Currently chalk wraps a single docker build. As such if the image is based on another base image chalk mark copied into /chalk.json will have that information missing therefore we cannot easily derive a full lineage.
Adding ONBUILD can potentially help with this however there might be complications with multi-platform builds/etc so it might be warranted to query the registry for the chalk mark while inspecting the base image for chalk to build on top of.
Currently chalk wraps a single docker build. As such if the image is based on another base image chalk mark copied into
/chalk.json
will have that information missing therefore we cannot easily derive a full lineage.https://github.com/crashappsec/chalk/issues/305
Adding
ONBUILD
can potentially help with this however there might be complications with multi-platform builds/etc so it might be warranted to query the registry for the chalk mark while inspecting the base image for chalk to build on top of.