jfrog / jfrog-docker-desktop-extension

🐸 Scans any of your local Docker images for security vulnerabilities. 🐋

Extension does not return correct scan results on Windows 10. #77

Open NandiniDJFrog opened 2 years ago

NandiniDJFrog commented 2 years ago

The Docker Desktop JFrog Extension does not work properly on Windows 10 machines. Image scans seem to be missing most or all vulnerabilities.

This problem can be demonstrated by scanning the nginx:1.23.1 image, which is publicly available from DockerHub.

Using Artifactory 7.41.6 and Xray 3.52.4, when we scan the image nginx:1.23.1 using the "All Vulnerabilities" scanning policy, we get the following scan results.

[Screenshot: Screen Shot 2022-07-27 at 11 51 40 AM]

The count of "critical", "high", "medium" and "low" vulnerabilities matches the counts when we generate a report for each severity level for this specific image (note that in the screenshot above, the count by severity is organized from top to bottom, critical to low, while in the screenshot below the count is organized from top to bottom, low to critical).

[Screenshot: Screen Shot 2022-07-27 at 11 49 46 AM]

When scanning from Windows 10 with the same settings, however, there are no vulnerabilities found at all.

[Screenshot: Screenshot (2)]

I tried using the "Watches" scanning policy instead; however, this resulted in the image scan simply failing.

sverdlov93 commented 2 years ago

Hi @AnandDJFrog, thanks for reporting this issue. We found the cause of that problem on the JFrog Xray side and it should be fixed soon. I will update this thread once the next release is out.

NandiniDJFrog commented 1 year ago

@sverdlov93 Excellent, thank you for looking into this 😁

raphaelZaa commented 1 year ago

Hi @sverdlov93, I believe a customer is facing this issue. Has this been resolved?

sverdlov93 commented 1 year ago

Hi @raphaelZaa, the issue is already fixed and will soon be released in a JFrog Xray version. I will update here with the exact version number.

raphaelZaa commented 1 year ago

Thanks