search

docker / hub-feedback

Feedback and bug reports for the Docker Hub
https://hub.docker.com
233 stars 40 forks source link

Windows images vulnerability scanning #2151

Closed gillg closed 2 years ago

gillg commented 2 years ago

Problem description

Hello, I enabled the vulnerabilities scanning on one of my repo which contains windows images some days ago. For now I don't have any trace of success or failed scans. This feature seems just not work silently with windows images. Anyone can confirm ? If it's the case you really should remove the "scan" button on a repo where we have windows images, or at least add a status "not supported" in the scan result column. Today we are completly blind on what happen.

mikeparker commented 2 years ago

https://docs.docker.com/docker-hub/vulnerability-scanning/

Docker Hub currently supports scanning images which are of AMD64 architecture, Linux OS, and are less than 10 GB in size.

We can't remove the scan button on a repo with windows images because people often have windows and linux images together, and it would require checking the architecture of every image, and also if they then start pushing linux images this way the scan will start working.

However, I appreciate that it'd be nice to have a scan status indicator to give an appropriate error message or warning on unscannable images.

github-actions[bot] commented 2 years ago

We are clearing up our old issues and your ticket has been open for 6 months with no activity. Remove stale label or comment or this will be closed in 15 days.