Conversation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
467a3cf to
3de5f46
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In cases where you have multiple images for a single repository already pulled and you specify an image without a tag to
docker sbomthen you will get back fromdocker image savea tar that has multiple images / manifests. This is a problem sense we are trying to create a SBOM description for a single image, and multiple images are not supported.This PR adjusts input validation to parse the image reference and if a tag or digest is not found, then a
latestis assumed. This should result in a single manifest at thedocker image savestep since platform and OS have sane defaults as well. The only remaining case that is not covered would be if multiple manifests are created for the same tag manually, which is unlikely, and not supported yet (they will need to use a digest in these cases).