Closed jomora closed 2 years ago
Hi @jomora,
This is actually by design. Specifically for the Docker scanning mode of the Unified Agent, the project name is not being taken into consideration. The reasoning is that in this mode, several images can be scanned in parallel, resulting in several projects being created/updated in the WhiteSource application. Thus, the project name, created per each image, is derived from the name of the scanned image.
When scanning images, the docker.projectNameFormat can be used to adjust the name of the project. We currently support 3 options:
However, in your case, in which the image tar file is scanned, the project name will be derived from the tar name.
I hope it clarifies the observed behavior, please let me know if you have additional questions.
Thanks,
Lena
@LenaKleyner, thanks a lot for the detailed response. This clarified the situation.
We think it would be valuable if the documentation would state how tar
files are handled.
https://whitesource.atlassian.net/wiki/spaces/WD/pages/710673221/Docker+Image+Integration#Example
Thanks again!
@bgoerzig and @jomora
Thanks @jomora , we've added some clarifications to the docs.
We're trying to scan a docker image and upload the results to Whitesource.
The docker image is present as a TAR file and has a generic name, i.e.
image.tar
.When running the unified agent we use the parameter
-projectName
to target a specific project.However, the project name is set to the name of the file without the extension, i.e.
image
.So, it results in a project named
image
being created in the Whitesource user interface.The same happens if we manually create the project via the UI and then pass the projectToken via the
-projectToken
parameter.In effect, we cannot scan our docker images.
Example: Scan ingress-nginx-controller
We run the following command:
We would expect a project of name "ingress-nginx-controller" to be created, but this does not happen. Instead the project "image" is created.
Below you will find our config file with for the first case (use
projectName
instead ofprojectToken
):