-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extension does not return correct scan results on Windows 10. #77
Comments
Hi @AnandDJFrog, |
@sverdlov93 Excellent, thank you for looking into this 😁 |
Hi @sverdlov93, I believe a customer is facing this issue. Has this been resolved? |
Hi, @raphaelZaa the issue is already fixed and soon it will be released on JFrog Xray version. |
Thanks |
The Docker Desktop JFrog Extension does not work properly on Windows 10 machines. Image scans seem to be missing most or all vulnerabilities.
This problem can be demonstrated by Scanning the nginx:1.23.1 image, which is publicly available from DockerHub.
Using Artifactory 7.41.6 and Xray 3.52.4, when we scan the image nginx:1.23.1 using the "All Vulnerabilities" scanning policy, we get the following scan results.
The count of "critical" "high" "medium" and "low" vulnerabilities matches the counts when we generate a report for each severity level for this specific image (note in the screenshot above, the count by severity is organized from top to bottom critical to low while in the screenshot below the count is organized top to bottom low to critical).
When scanning from Windows 10 with the same settings, however, there are no vulnerabilities found at all.
I tried using the "Watches" scanning policy instead, however this resulted in the Image scan simply failing.
The text was updated successfully, but these errors were encountered: