Quay images like quay.io/coreos/prometheus-operator are not scannable directly with trivy because Quay doesn't support the v2.2 manifest schema; see also this GitHub issue in the trivy repo.
A workaround is to pull the image manually and then run trivy - this doesn't seem to make sense in a pod which shouldn't run the docker daemon.
Another option I see is to download the image as a file without docker/crictl involved and then run trivy scan against that file.
Are there other possibilities or is there already a workaround to scan quay images?