My pipeline has multiple stages and each stage creates a docker image.
there are two issues, first at the end of the pipeline I end up having 3 separate 'Achore reports' but they all have the same data (the Achore Policy Evaluation Report has the results for the 3 scans). Second, the 'Anchore Policy Evaluation Summary' shows the same image for the 3 different 'Anchore reports'
The pipeline process is something like
- Create base image
- Create Builder image
- Create Runner image
I check each image after each stage (so that it fails if one of them had issues)
anchore(name: IMAGES_FILE_PATH, engineRetries: '1000', forceAnalyze: true,
I tried using different names for the IMAGES_FILE_PATH but it yields the same problems
it would be nice if each report only had the information about that one image
Sorry if I didnt provided enough details, I would be happy to add more info
Kind of related stack overflow issue
with the exception that I cant wait until the end to scan the images