-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(misconf): disable DS016 check for image history analyzer #7540
Conversation
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
5ae1fdb
to
33e2436
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@knqyf263 @nikpivkin Maybe we can improve our GuessBaseImageIndex logic or at least write in the documentation that we skip this check for "--image-config-scanners misconfig" |
Since the logic is based on the assumption that the CMD is set correctly and infers the base layer, it would be difficult to detect cases where the CMD is set incorrectly, as in the AVD-DS-0011 rule.
Agreed, we should show a debug message about disabled check IDs. And document maybe. |
@DmitriyLewen @knqyf263 That's reasonable. I'll create a PR for that. |
hmm... you are right. If user has set 2 (or more) CMDs incorrectly - we can't guess the base layer correctly. |
Yes, I didn't come up with a good idea, then I decided to disable it until we find a good approach. |
Description
Related issues
Related PRs
Checklist