Failure scanning images with arch variant (e.g. arm/v7) #831

Closed
mattmoor opened this issue Jul 16, 2022 · 3 comments
Labels
bug Something isn't working

Comments

@mattmoor

What happened:

grype output...
  Executing: grype -o sarif --fail-on low ghcr.io/mattmoor/static@sha256:b7dcd21f108cfed6c394aa18240a26c02f904337a962ca0ffe17368de5c65a23
  1 error occurred:
  	* failed to catalog: could not fetch image "ghcr.io/mattmoor/static@sha256:b7dcd21f108cfed6c394aa18240a26c02f904337a962ca0ffe17368de5c65a23": could not read image: unable to override metadata option: unknown architecture: arm/v7

What you expected to happen:

Successful scan

How to reproduce it (as minimally and precisely as possible):

We are running this via the action:

    - name: Scan image with Anchore/Grype
      id: grype-scan
      uses: anchore/scan-action@ecfd0e98932e57ea8f68f29c4f418fc41a8194db
      with:
        image: ghcr.io/mattmoor/static@sha256:b7dcd21f108cfed6c394aa18240a26c02f904337a962ca0ffe17368de5c65a23
        fail-build: false
        severity-cutoff: low

The image digest above should be public, so I've inlined it (instead of ${{ inputs.blah }}).

Anything else we need to know?:

Environment:

  • Output of grype version: see the commit on the action, which should be fairly recent.
  • OS (e.g: cat /etc/os-release or similar): The actions use ubuntu, but this is scanning arm images w/ variant.

@luhring
Contributor

luhring commented Sep 29, 2022

I think the underlying problem here is in Stereoscope — filed a bug report: anchore/stereoscope#143

@luhring
Contributor

luhring commented Sep 29, 2022

This issue may be able to be closed now, with the change made to apko in chainguard-dev/apko#364. There still may be an issue in stereoscope — I think it's worth confirming why "" is always used for the Variant for the Docker Daemon source (this may be correct but I don't understand why yet).

But my guess is Grype won't error out on images produced by apko going forward!

@tgerla
Contributor

tgerla commented Dec 15, 2022

Thanks for the update and sorry for the delay! I'll close this issue but feel free to re-open or open a new one if needed.

@tgerla closed this as not planned Dec 15, 2022