You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On exporting DOCKER_PLATFORM_ARCH=amd64 and running Klar command
.
.
HTTP/1.1 200 OK
.
.
Content-Type: application/vnd.docker.distribution.manifest.v2+json
.
.
Docker-Content-Digest: sha256:ca3a9e73ff06f67a84fc5fd943d04d2fb13bf4f7d48accf8a54c8b040f789097
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:ca3a9e73ff06f67a84fc5fd943d04d2fb13bf4f7d48accf8a54c8b040f789097"
.
.
Analysing 17 layers
Got results from Clair API v1
Whitelisted 7 vulnerabilities
Found 72 vulnerabilities
Unknown: 22
Negligible: 45
Medium: 5
On exporting DOCKER_PLATFORM_ARCH=arm64 and running Klar command, Klar also shows the sha256 of the amd64 architecture image and same vulnerabilities statistics of that of amd64.
.
.
HTTP/1.1 200 OK
.
.
Content-Type: application/vnd.docker.distribution.manifest.v2+json
.
.
Docker-Content-Digest: sha256:ca3a9e73ff06f67a84fc5fd943d04d2fb13bf4f7d48accf8a54c8b040f789097
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:ca3a9e73ff06f67a84fc5fd943d04d2fb13bf4f7d48accf8a54c8b040f789097"
.
.
Analysing 17 layers
Got results from Clair API v1
Whitelisted 7 vulnerabilities
Found 72 vulnerabilities
Unknown: 22
Negligible: 45
Medium: 5
as seen the sha256 shown in the output is always that of the linux/amd64 paltform and the vulnerabilities statistics are identical
Also by analysing the single arch individual image, the detected vulnerabilities are different
For KLAR_VERSION=2.4.0
For multi architecture images, that contain for instance arm64 and amd64 architectures,
On exporting DOCKER_PLATFORM_ARCH=amd64 and running Klar command
On exporting DOCKER_PLATFORM_ARCH=arm64 and running Klar command, Klar also shows the sha256 of the amd64 architecture image and same vulnerabilities statistics of that of amd64.
as seen the sha256 shown in the output is always that of the linux/amd64 paltform and the vulnerabilities statistics are identical
Also by analysing the single arch individual image, the detected vulnerabilities are different
amd64
arm64
Note that also on using any irrelevant DOCKER_PLATFORM_ARCH value, still klar scan the amd64 image
Steps to reproduce:
Actual result:
Expected result:
The text was updated successfully, but these errors were encountered: