Inspector coverage inconsistent with actual configuration #6354
Comments
|
Assignee to provide screenshots with reproduction. |
|
@hannes-ucsc: "Assignee to open support ticket with AWS. Focus on the |
dsotirho-ucsc
added
bug
|
Opened AWS Support case 171927048400112 on anvilprod. |
|
@hannes-ucsc: "We discovered during the upgrade PR that newly pushed images are being scanned and show up as covered in Inspector. This leads me to believe that the problem will slowly fix itself once we push updates to all images. Assignee to close AWS Support ticket with the following statement: 'AWS Support confuses custom image tags with base image layers. While it is true that recently the OS in the base image of the image in question had not been supported, support for Alpine 3.20 was recently added. Furthermore, our evidence shows that the error message indicates that the scans are manual, not that the image is not supported (the status message for that would contain the word 'unsupported').' " |
|
Assignee to delete any images still affected and to re-upload them by deploying the shared component, as part of the merging of the upgrade and promotion PRs. |
Added CL items to current upgrade PR #6361 |
|
AWS Support ticket has been closed and feedback about the ticket was submitted |
|
For demo, attempt to reproduce. |
In
anvilprod, the Inspector console indicates that the container images in ECR are not configured to be actively/continuously monitored and are all listed in the 'Not scanning' tab. Since they are supposedly scanned manually. However, this is contradictory with the information in the scanning settings for the images within the ECR console.In the following screenshot from the Inspector console, it appears as if non of the images in ECR are configured for continuous scans.
But in ECR, the scan configuration is contradictory to the one shown in the Inspector console.
Furthermore, Inspector's last scanned date for the container images highlighted in the following screenshot …
is not congruent with the scan details of the image as seen from the ECR console.
The expectation for the Inspector console in the affected deployments is for it to resemble the one of the
tempdev. With most container images configured with the 'Actively monitoring' status.The text was updated successfully, but these errors were encountered: