
feat: container scan support for image.tar scan with unspecified image type CN-62 #5821


Merged
merged 1 commit into from
Apr 11, 2025

Conversation

adrobuta
Contributor

@adrobuta adrobuta commented Apr 8, 2025

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)
  • Includes product update to be announced in the next stable release notes

What does this PR do?

Adds support for scanning archives without specifying the image type. This implies finding the absolute path of the specified archive file and falling back on different types of extractors when decompressing the archive.

Where should the reviewer start?

How should this be manually tested?

Snyk can directly scan or monitor a Docker or OCI archive by running the following commands:

snyk container test docker-archive:archive.tar
snyk container test oci-archive:archive.tar
snyk container test kaniko-archive:archive.tar

Manually defining the image type adds complexity, increases the risk of errors, and may not account for dynamic updates of the pipelines where the customer has deployed snyk. This change adds support for scanning archives without specifying the image type.

The change can be tested by providing only the .tar filename without specifying the docker-archive or oci-archive prefix:
snyk container test archive.tar

What's the product update that needs to be communicated to CLI users?

Adds support for scanning image archives without specifying the image type as a prefix.

snyk container test image.tar
snyk container monitor image.tar
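The two steps the description above names (resolving the archive path, then trying extractors in a fallback order when no type prefix is given) are shown below as an added example in Go. It is not the CLI's or the container plugin's code: the names ArchiveType, ResolveTarget, DetectArchiveType and BuildSampleTar, the probe order (OCI markers first, then a top-level manifest.json), and the in-memory sample archives are all assumptions of this example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path"
	"path/filepath"
	"strings"
)

// ArchiveType names an image archive layout. The string values match the
// prefixes accepted on the command line.
type ArchiveType string

const (
	DockerArchive  ArchiveType = "docker-archive"
	OCIArchive     ArchiveType = "oci-archive"
	KanikoArchive  ArchiveType = "kaniko-archive"
	UnknownArchive ArchiveType = "unknown"
)

// detector decides from the set of entry names whether a tar matches one
// layout. Only headers are inspected; nothing is extracted before a layout
// has been chosen.
type detector struct {
	name  ArchiveType
	probe func(entries map[string]bool) bool
}

// Fallback order is an assumption of this example: the OCI probe runs first
// because it needs two markers, and a tar with only a top-level
// manifest.json is then treated as a docker-archive.
var detectors = []detector{
	{OCIArchive, func(e map[string]bool) bool { return e["oci-layout"] && e["index.json"] }},
	{DockerArchive, func(e map[string]bool) bool { return e["manifest.json"] }},
}

// ResolveTarget splits an optional "<type>:" prefix from the user-supplied
// target and resolves the remainder to an absolute path. An empty ArchiveType
// means the layout must be detected from the file itself.
func ResolveTarget(target string) (ArchiveType, string, error) {
	var explicit ArchiveType
	file := target
	for _, t := range []ArchiveType{DockerArchive, OCIArchive, KanikoArchive} {
		if prefix := string(t) + ":"; strings.HasPrefix(target, prefix) {
			explicit, file = t, strings.TrimPrefix(target, prefix)
			break
		}
	}
	if file == "" {
		return "", "", errors.New("empty archive path")
	}
	abs, err := filepath.Abs(file)
	if err != nil {
		return "", "", fmt.Errorf("resolving %q: %w", file, err)
	}
	return explicit, abs, nil
}

// listEntries walks the tar headers and records normalised entry names.
// A corrupt or truncated archive surfaces as an error rather than a guess.
func listEntries(r io.Reader) (map[string]bool, error) {
	tr := tar.NewReader(r)
	entries := make(map[string]bool)
	for {
		hdr, err := tr.Next()
		if errors.Is(err, io.EOF) {
			return entries, nil
		}
		if err != nil {
			return nil, err
		}
		entries[path.Clean(hdr.Name)] = true
	}
}

// DetectArchiveType runs the detectors in fallback order over one tar stream.
func DetectArchiveType(r io.Reader) (ArchiveType, error) {
	entries, err := listEntries(r)
	if err != nil {
		return UnknownArchive, fmt.Errorf("reading archive: %w", err)
	}
	for _, d := range detectors {
		if d.probe(entries) {
			return d.name, nil
		}
	}
	return UnknownArchive, errors.New("archive matches no known image layout")
}

// BuildSampleTar constructs an in-memory tar with the given entry names and a
// placeholder body. Constructed test data, not a real image.
func BuildSampleTar(names ...string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, n := range names {
		body := []byte("{}")
		hdr := &tar.Header{Name: n, Typeflag: tar.TypeReg, Mode: 0o644, Size: int64(len(body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write(body); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	samples := map[string][]byte{
		"docker-style.tar": BuildSampleTar("manifest.json", "repositories", "abc123/layer.tar"),
		"oci-style.tar":    BuildSampleTar("oci-layout", "index.json", "blobs/sha256/deadbeef"),
		"plain.tar":        BuildSampleTar("README.md"),
	}
	for name, data := range samples {
		_, abs, _ := ResolveTarget(name) // bare path, no prefix given
		typ, err := DetectArchiveType(bytes.NewReader(data))
		fmt.Printf("%s -> %s (err=%v)\n", abs, typ, err)
	}
}
```

Probing header names before picking an extractor means an unrecognised or corrupt file is rejected with an error instead of being unpacked speculatively, which is the behaviour a reviewer would want to see covered by the test this PR adds.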

@adrobuta adrobuta requested a review from a team as a code owner April 8, 2025 11:29
@adrobuta adrobuta force-pushed the feat/container-scan-tars-unspecified-type branch from 3854aac to 497c06a April 9, 2025 08:42
CatalinSnyk
CatalinSnyk previously approved these changes Apr 9, 2025
Contributor

@CatalinSnyk CatalinSnyk left a comment


Approved, but I think a small test would be nice; this deserves a test since it's a feat :)

@PeterSchafer PeterSchafer dismissed CatalinSnyk’s stale review April 9, 2025 11:33

I will be dismissing the review for now, since I think a test should be added or at least explained why no test is required. But I think existing tests can probably be re-used.

@adrobuta adrobuta force-pushed the feat/container-scan-tars-unspecified-type branch 2 times, most recently from 8a1cebc to b1178e1 April 10, 2025 04:54
@adrobuta
Contributor Author

@PeterSchafer @CatalinSnyk tests were added as part of the plugin upgrade, but I've added a test here too for completeness.

@adrobuta adrobuta force-pushed the feat/container-scan-tars-unspecified-type branch 4 times, most recently from 5dca659 to 27202e7 April 10, 2025 15:12
@adrobuta adrobuta requested a review from CatalinSnyk April 11, 2025 09:40
@adrobuta adrobuta force-pushed the feat/container-scan-tars-unspecified-type branch from 27202e7 to 58b0861 April 11, 2025 11:44
@adrobuta adrobuta merged commit 3c65af6 into main Apr 11, 2025
7 checks passed
@adrobuta adrobuta deleted the feat/container-scan-tars-unspecified-type branch April 11, 2025 12:25

3 participants