Support for multiple image refs of same sha in OCI layout #1544
Comments
saisatishkarra
changed the title
|
Hi @saisatishkarra, thanks for filing the issue. We have a couple of questions over here. Usually these OCI manifests are used, for instance, to list different architectures of the same image (which would have different SHAs), so we are a little bit confused as to why you would have a manifest with two instances of the same exact image (same SHA). Can you provide a few more details about where this manifest came from, what build tool created it, or how to create it, and we can take a closer look? Thanks! |
|
@tgerla This index manifest is produced when using a build-push-action with multiple tags (list/csv) for a single architecture of the same image. Each tag is considered to produce a separate manifest within the index.json with differing |
|
There is a potential enhancement we can make in https://github.com/anchore/stereoscope where we check the manifest list, and if all of the digest are equal, we can proceed with the scan. @wagoodman if we find that this is only one single image we can just pick one and go right? I've added this to the backlog as a stereoscope enhancement while we wait for a 2nd from @wagoodman |
|
@spiffcs Is there an update on this? |
|
@saisatishkarra just filed a PR in stereoscope to address this. Apologies for the long response time here! |
|
This PR has been merged so I'll look to get this brought into syft for the next release |
What would you like to be added:
application/vnd.oci.image.index.v1+jsonfor the same sha in single oci-layoutWhy is this needed:
Needed to avoid scanning twice for images with the same sha and different tag
Additional context:
The text was updated successfully, but these errors were encountered: